@snovon/solast 0.2.0

package/dist/detectors/permit-future-dated-deadline.js

@@ -0,0 +1,339 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermitFutureDatedDeadlineDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'permit-future-dated-deadline';
+const IMPLEMENTATION_PATTERN = `${RULE_ID}/implementation-unbounded-deadline`;
+const CALLSITE_PATTERN = `${RULE_ID}/callsite-far-future-deadline`;
+const PROVENANCE = 'issue-3710-erc2612-permit-future-dated-deadline';
+const FAR_FUTURE_THRESHOLD = 1n << 200n;
+class PermitFutureDatedDeadlineDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'ERC-2612 permit accepts a deadline with no explicit upper validity bound.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'medium',
+        help: 'Bound accepted permit deadlines to a short TTL relative to block.timestamp and avoid forwarding max-uint deadline sentinels.',
+    };
+    currentFile = '';
+    currentContract = '';
+    currentFunction = '';
+    currentFunctionNode = null;
+    currentPermitImplementation = null;
+    findings = [];
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.currentFunction = '';
+        this.currentFunctionNode = null;
+        this.currentPermitImplementation = null;
+        this.findings = [];
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (!(0, ast_1.isNode)(node, 'ContractDefinition') || node.kind === 'interface') {
+            this.currentContract = '';
+            return;
+        }
+        this.currentContract = node.name || '<anonymous>';
+    }
+    ContractDefinition_post(_node) {
+        this.currentContract = '';
+    }
+    ['ContractDefinition:exit'](node) {
+        this.ContractDefinition_post(node);
+    }
+    FunctionDefinition(node) {
+        this.currentFunctionNode = (0, ast_1.isNode)(node, 'FunctionDefinition') ? node : null;
+        this.currentFunction = functionName(node);
+        this.currentPermitImplementation = null;
+        if (this.currentContract && isErc2612PermitImplementation(node)) {
+            this.currentPermitImplementation = {
+                node,
+                hasLowerBound: false,
+                hasUpperBound: false,
+            };
+        }
+    }
+    FunctionDefinition_post(_node) {
+        if (this.currentPermitImplementation &&
+            (!this.currentPermitImplementation.hasLowerBound || !this.currentPermitImplementation.hasUpperBound)) {
+            this.findings.push(this.makeImplementationFinding(this.currentPermitImplementation.node));
+        }
+        this.currentFunction = '';
+        this.currentFunctionNode = null;
+        this.currentPermitImplementation = null;
+    }
+    ['FunctionDefinition:exit'](node) {
+        this.FunctionDefinition_post(node);
+    }
+    FunctionCall(node) {
+        if (this.currentPermitImplementation && isRequireOrAssert(node.expression)) {
+            applyPassCondition(node.arguments?.[0], this.currentPermitImplementation);
+        }
+        if (!this.currentContract || !this.currentFunctionNode)
+            return;
+        if (!isErc2612PermitCall(node))
+            return;
+        const deadlineArg = permitDeadlineArgument(node);
+        if (!deadlineArg || !isFarFutureSentinel(deadlineArg))
+            return;
+        this.findings.push(this.makeCallsiteFinding(node));
+    }
+    IfStatement(node) {
+        if (!this.currentPermitImplementation)
+            return;
+        if (bodyAlwaysReverts(node.trueBody)) {
+            applyRejectCondition(node.condition, this.currentPermitImplementation);
+        }
+    }
+    makeImplementationFinding(fn) {
+        const loc = (0, ast_1.assertLoc)(fn);
+        const contractName = this.currentContract || '<anonymous>';
+        const fnName = functionName(fn);
+        return {
+            file: this.currentFile,
+            contract: contractName,
+            'function': fnName,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            ruleId: RULE_ID,
+            pattern: IMPLEMENTATION_PATTERN,
+            severity: 'medium',
+            confidence: 'medium',
+            category: 'token-approval',
+            message: `ERC-2612 permit implementation '${contractName}.${fnName}' accepts deadlines without an explicit upper TTL bound.`,
+            rationale: 'A normal expiry check rejects past deadlines but still allows signatures whose deadline is arbitrarily far in the future, increasing approval-phishing and replay impact.',
+            suggestedFix: 'Require both deadline >= block.timestamp and deadline <= block.timestamp + a bounded permit TTL, or reject deadlines above that TTL with an if/revert guard.',
+            findingId: '',
+            contractHash: '',
+            contractName,
+            functionName: fnName,
+            sourceLocation: { line: loc.line, column: loc.column },
+            provenance: PROVENANCE,
+            source: PROVENANCE,
+        };
+    }
+    makeCallsiteFinding(call) {
+        const loc = (0, ast_1.assertLoc)(call, this.currentFunctionNode);
+        const contractName = this.currentContract || '<anonymous>';
+        const fnName = this.currentFunction || '<fallback>';
+        return {
+            file: this.currentFile,
+            contract: contractName,
+            'function': fnName,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            ruleId: RULE_ID,
+            pattern: CALLSITE_PATTERN,
+            severity: 'medium',
+            confidence: 'medium',
+            category: 'token-approval',
+            message: `ERC-2612 permit call in '${contractName}.${fnName}' forwards an effectively unbounded deadline sentinel.`,
+            rationale: 'Passing a max-uint or extremely large deadline makes the approval signature valid indefinitely if the token accepts standard ERC-2612 semantics.',
+            suggestedFix: 'Pass a short relative deadline such as block.timestamp + 30 minutes instead of a max-value sentinel.',
+            findingId: '',
+            contractHash: '',
+            contractName,
+            functionName: fnName,
+            sourceLocation: { line: loc.line, column: loc.column },
+            provenance: PROVENANCE,
+            source: PROVENANCE,
+        };
+    }
+}
+exports.PermitFutureDatedDeadlineDetector = PermitFutureDatedDeadlineDetector;
+function isErc2612PermitImplementation(node) {
+    if (!(0, ast_1.isNode)(node, 'FunctionDefinition') || !node.body)
+        return false;
+    if (String(node.name || '').toLowerCase() !== 'permit')
+        return false;
+    const params = Array.isArray(node.parameters) ? node.parameters : [];
+    if (params.length !== 7)
+        return false;
+    return parameterName(params[3]) === 'deadline';
+}
+function isErc2612PermitCall(node) {
+    if (!(0, ast_1.isNode)(node, 'FunctionCall'))
+        return false;
+    if (getCallName(node).toLowerCase() !== 'permit')
+        return false;
+    return Array.isArray(node.arguments) && node.arguments.length === 7;
+}
+function permitDeadlineArgument(node) {
+    if (Array.isArray(node.names) && node.names.length > 0) {
+        const index = node.names.findIndex((name) => name === 'deadline');
+        return index >= 0 ? node.arguments?.[index] ?? null : null;
+    }
+    return node.arguments?.[3] ?? null;
+}
+function applyPassCondition(expr, guards) {
+    if (!expr || typeof expr !== 'object')
+        return;
+    if ((0, ast_1.isNode)(expr, 'BinaryOperation') && expr.operator === '&&') {
+        applyPassCondition(expr.left, guards);
+        applyPassCondition(expr.right, guards);
+        return;
+    }
+    if (!(0, ast_1.isNode)(expr, 'BinaryOperation'))
+        return;
+    const relation = classifyComparison(expr.left, expr.operator, expr.right);
+    if (relation === 'deadline-after-now')
+        guards.hasLowerBound = true;
+    if (relation === 'deadline-before-upper-bound')
+        guards.hasUpperBound = true;
+}
+function applyRejectCondition(expr, guards) {
+    if (!expr || typeof expr !== 'object')
+        return;
+    if ((0, ast_1.isNode)(expr, 'BinaryOperation') && expr.operator === '||') {
+        applyRejectCondition(expr.left, guards);
+        applyRejectCondition(expr.right, guards);
+        return;
+    }
+    if (!(0, ast_1.isNode)(expr, 'BinaryOperation'))
+        return;
+    const relation = classifyComparison(expr.left, expr.operator, expr.right);
+    if (relation === 'deadline-before-now')
+        guards.hasLowerBound = true;
+    if (relation === 'deadline-after-upper-bound')
+        guards.hasUpperBound = true;
+}
+function classifyComparison(left, operator, right) {
+    if (isDeadlineIdentifier(left) && isBlockTimestamp(right)) {
+        if (operator === '>=' || operator === '>')
+            return 'deadline-after-now';
+        if (operator === '<' || operator === '<=')
+            return 'deadline-before-now';
+    }
+    if (isBlockTimestamp(left) && isDeadlineIdentifier(right)) {
+        if (operator === '<=' || operator === '<')
+            return 'deadline-after-now';
+        if (operator === '>' || operator === '>=')
+            return 'deadline-before-now';
+    }
+    if (isDeadlineIdentifier(left) && isUpperBoundExpression(right)) {
+        if (operator === '<=' || operator === '<')
+            return 'deadline-before-upper-bound';
+        if (operator === '>' || operator === '>=')
+            return 'deadline-after-upper-bound';
+    }
+    if (isUpperBoundExpression(left) && isDeadlineIdentifier(right)) {
+        if (operator === '>=' || operator === '>')
+            return 'deadline-before-upper-bound';
+        if (operator === '<' || operator === '<=')
+            return 'deadline-after-upper-bound';
+    }
+    return null;
+}
+function bodyAlwaysReverts(node) {
+    if (!node)
+        return false;
+    if ((0, ast_1.isNode)(node, 'RevertStatement'))
+        return true;
+    if ((0, ast_1.isNode)(node, 'ExpressionStatement') && isRevertCall(node.expression))
+        return true;
+    if ((0, ast_1.isNode)(node, 'Block')) {
+        const statements = Array.isArray(node.statements) ? node.statements : [];
+        return statements.length > 0 && bodyAlwaysReverts(statements[0]);
+    }
+    return false;
+}
+function isRevertCall(node) {
+    return (0, ast_1.isNode)(node, 'FunctionCall') && getCallName(node).toLowerCase() === 'revert';
+}
+function isRequireOrAssert(node) {
+    const name = getCallName({ expression: node });
+    return name === 'require' || name === 'assert';
+}
+function isUpperBoundExpression(node) {
+    return containsBlockTimestamp(node) && !isBlockTimestamp(node);
+}
+function containsBlockTimestamp(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isBlockTimestamp(node))
+        return true;
+    return Object.values(node).some(value => {
+        if (!value)
+            return false;
+        if (Array.isArray(value))
+            return value.some(containsBlockTimestamp);
+        return typeof value === 'object' && containsBlockTimestamp(value);
+    });
+}
+function isBlockTimestamp(node) {
+    return ((0, ast_1.isNode)(node, 'MemberAccess') &&
+        node.memberName === 'timestamp' &&
+        (0, ast_1.isNode)(node.expression, 'Identifier') &&
+        node.expression.name === 'block');
+}
+function isDeadlineIdentifier(node) {
+    return (0, ast_1.isNode)(node, 'Identifier') && node.name === 'deadline';
+}
+function isFarFutureSentinel(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isUintMaxMember(node))
+        return true;
+    if (!(0, ast_1.isNode)(node, 'NumberLiteral') || node.subdenomination)
+        return false;
+    const value = numberLiteralToBigInt(node.number);
+    return value !== null && value >= FAR_FUTURE_THRESHOLD;
+}
+function isUintMaxMember(node) {
+    if (!(0, ast_1.isNode)(node, 'MemberAccess') || node.memberName !== 'max')
+        return false;
+    if (isUint256TypeName(node.expression))
+        return true;
+    const expr = node.expression;
+    return ((0, ast_1.isNode)(expr, 'FunctionCall') &&
+        getCallName(expr).toLowerCase() === 'type' &&
+        Array.isArray(expr.arguments) &&
+        expr.arguments.length === 1 &&
+        isUint256TypeName(expr.arguments[0]));
+}
+function isUint256TypeName(node) {
+    return (0, ast_1.isNode)(node, 'ElementaryTypeName') && String(node.name || '').toLowerCase() === 'uint256';
+}
+function numberLiteralToBigInt(value) {
+    if (typeof value !== 'string')
+        return null;
+    const normalized = value.replace(/_/g, '');
+    if (!/^(0x[0-9a-fA-F]+|[0-9]+)$/.test(normalized))
+        return null;
+    try {
+        return BigInt(normalized);
+    }
+    catch (_err) {
+        return null;
+    }
+}
+function getCallName(node) {
+    const expr = node?.expression || node;
+    if (!expr || typeof expr !== 'object')
+        return '';
+    if ((0, ast_1.isNode)(expr, 'Identifier'))
+        return expr.name || '';
+    if ((0, ast_1.isNode)(expr, 'MemberAccess'))
+        return expr.memberName || '';
+    if ((0, ast_1.isNode)(expr, 'NameValueExpression'))
+        return getCallName(expr.expression);
+    return '';
+}
+function functionName(node) {
+    return node?.name || (node?.isConstructor ? '<constructor>' : '<fallback>');
+}
+function parameterName(param) {
+    return param?.name || param?.identifier?.name || '';
+}
+//# sourceMappingURL=permit-future-dated-deadline.js.map

package/dist/detectors/phishing-attack-bybit.d.ts

@@ -0,0 +1,37 @@
+import type { ScanResult } from '../index';
+export declare class PhishingAttackBybitDetector {
+    readonly id = "phishing-attack-bybit";
+    readonly patternKey = "phishing-attack-bybit";
+    readonly supportedAstKinds: "parser"[];
+    private findings;
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private currentGuarded;
+    private currentAliases;
+    private currentConstrainedTargets;
+    private stateVariables;
+    private immutableOrConstantState;
+    private untrustedStateVariables;
+    private functions;
+    private directSinks;
+    private internalSinks;
+    private reported;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    'ContractDefinition:exit'(node: any): void;
+    StateVariableDeclaration(node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    'FunctionDefinition:exit'(node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    ExpressionStatement(node: any): void;
+    FunctionCall(node: any): void;
+    private recordInlineGuard;
+    private recordTargetConstraint;
+    private recordAssignment;
+    private resolveInternalHelperSinks;
+    private maybeReport;
+}