@snovon/solast 0.2.0

package/dist/detectors/wrong-function-visibility.js

@@ -0,0 +1,147 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WrongFunctionVisibilityDetector = void 0;
+const access_control_1 = require("./_common/access-control");
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'wrong-function-visibility';
+const PATTERN = 'wrong-function-visibility/external-internal-token-primitive';
+const EXTERNALLY_CALLABLE = new Set(['public', 'external']);
+const TOKEN_PRIMITIVES = new Set(['_transfer', '_mint', '_burn']);
+const TOKEN_ACCOUNTING_NAMES = new Set([
+    'account',
+    'accounts',
+    'balance',
+    'balances',
+    'balanceof',
+    '_balances',
+    '_balanceof',
+    'supply',
+    'totalsupply',
+    '_totalsupply',
+]);
+const ASSIGNMENT_OPERATORS = new Set(['=', '+=', '-=', '*=', '/=', '%=', '|=', '&=', '^=', '<<=', '>>=']);
+function isTokenAccountingName(name) {
+    return TOKEN_ACCOUNTING_NAMES.has(String(name || '').toLowerCase());
+}
+class WrongFunctionVisibilityDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Externally callable internal-style token primitive lacks authorization.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Flags public or external _transfer, _mint, or _burn implementations that mutate token accounting without a recognized access-control modifier or inline caller authorization check.',
+    };
+    currentFile = '';
+    currentContract = '';
+    findings = [];
+    fn = null;
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.findings = [];
+        this.fn = null;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContract = String(node?.name || '<anonymous>');
+    }
+    ContractDefinition_post() {
+        this.currentContract = '';
+    }
+    FunctionDefinition(node) {
+        this.fn = null;
+        const name = String(node?.name || '');
+        const visibility = String(node?.visibility || '');
+        if (!TOKEN_PRIMITIVES.has(name))
+            return;
+        if (!EXTERNALLY_CALLABLE.has(visibility))
+            return;
+        if (!node?.body)
+            return;
+        this.fn = {
+            node,
+            name,
+            guarded: (0, access_control_1.hasRecognisedAccessControlModifier)(node),
+            sawInlineAccessControl: false,
+            firstUnguardedMutation: null,
+        };
+    }
+    FunctionDefinition_post() {
+        if (this.fn && !this.fn.guarded && this.fn.firstUnguardedMutation) {
+            this.findings.push(this.makeFinding(this.fn, this.fn.firstUnguardedMutation));
+        }
+        this.fn = null;
+    }
+    FunctionCall(node) {
+        if (!this.fn || this.fn.guarded || this.fn.firstUnguardedMutation)
+            return;
+        const callee = (0, access_control_1.getCalleeNameDefault)(node).toLowerCase();
+        const tail = callee.includes('.') ? callee.split('.').pop() || callee : callee;
+        if (tail !== 'require' && tail !== 'assert')
+            return;
+        const condition = node?.arguments?.[0];
+        if ((0, access_control_1.requireExpressesAccessControl)(condition, access_control_1.isPrivilegedIdentifier, access_control_1.getCalleeNameDefault)) {
+            this.fn.sawInlineAccessControl = true;
+        }
+    }
+    BinaryOperation(node) {
+        this.observeAssignment(node);
+    }
+    Assignment(node) {
+        this.observeAssignment(node);
+    }
+    observeAssignment(node) {
+        if (!this.fn || this.fn.guarded || this.fn.firstUnguardedMutation)
+            return;
+        const operator = String(node?.operator || '');
+        if (!ASSIGNMENT_OPERATORS.has(operator))
+            return;
+        const left = node?.left || node?.leftExpression;
+        if (!(0, access_control_1.isPrivilegedReference)(left, isTokenAccountingName))
+            return;
+        if (this.fn.sawInlineAccessControl)
+            return;
+        this.fn.firstUnguardedMutation = node;
+    }
+    makeFinding(state, node) {
+        const loc = (0, ast_1.assertLoc)(node, state.node);
+        const contractName = this.currentContract || '<anonymous>';
+        const functionName = state.name;
+        return {
+            file: this.currentFile,
+            contract: contractName,
+            'function': functionName,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            ruleId: RULE_ID,
+            pattern: PATTERN,
+            severity: 'high',
+            confidence: 'high',
+            category: 'access-control',
+            message: `Wrong function visibility in '${contractName}.${functionName}': an internal-style token primitive is ${this.visibilityOf(state.node)} and mutates token accounting without caller authorization.`,
+            rationale: 'Public or external underscore token primitives let arbitrary callers move, mint, or burn balances unless guarded by owner, role, allowance, or equivalent caller authorization.',
+            suggestedFix: 'Make the primitive internal/private, or add a recognized access-control modifier or inline caller authorization check before mutating token accounting.',
+            findingId: '',
+            contractHash: '',
+            contractName,
+            functionName,
+            sourceLocation: { line: loc.line, column: loc.column },
+        };
+    }
+    visibilityOf(node) {
+        const visibility = String(node?.visibility || '');
+        return visibility || 'externally callable';
+    }
+}
+exports.WrongFunctionVisibilityDetector = WrongFunctionVisibilityDetector;
+const proto = WrongFunctionVisibilityDetector.prototype;
+proto['ContractDefinition:exit'] = proto.ContractDefinition_post;
+proto['FunctionDefinition:exit'] = proto.FunctionDefinition_post;
+//# sourceMappingURL=wrong-function-visibility.js.map

package/dist/detectors/wrong-price-calculation.d.ts

@@ -0,0 +1,42 @@
+import type { ScanResult } from '../index';
+export declare class WrongPriceCalculationDetector {
+    readonly id = "wrong-price-calculation";
+    readonly patternKey = "wrong-price-calculation";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "high";
+        help: string;
+    };
+    private currentFile;
+    private findings;
+    private contractStack;
+    private currentFunction;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ['ContractDefinition:exit'](): void;
+    FunctionDefinition(node: any): void;
+    ['FunctionDefinition:exit'](node: any): void;
+    Identifier(node: any): void;
+    FunctionCall(node: any): void;
+    ['FunctionCall:exit'](node: any): void;
+    ['VariableDeclarationStatement:exit'](node: any): void;
+    ['Assignment:exit'](node: any): void;
+    ['BinaryOperation:exit'](node: any): void;
+    ['ReturnStatement:exit'](node: any): void;
+    ['UnaryOperation:exit'](node: any): void;
+    ['TypeConversion:exit'](node: any): void;
+    ['MemberAccess:exit'](node: any): void;
+    ['IndexAccess:exit'](node: any): void;
+    ['TupleExpression:exit'](node: any): void;
+    ['Conditional:exit'](node: any): void;
+    private recordAssignment;
+    private conditionBoundsSpotRatio;
+    private isSpotToReferenceComparison;
+    private nodeInfo;
+    private setNode;
+    private addFinding;
+}

package/dist/detectors/wrong-price-calculation.js

@@ -0,0 +1,387 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WrongPriceCalculationDetector = void 0;
+const ast_1 = require("./_common/ast");
+const price_rate_1 = require("./_common/price-rate");
+const RULE_ID = 'wrong-price-calculation';
+const PATTERN = `${RULE_ID}/single-pair-spot-ratio`;
+const EMPTY = { spot: false, ratio: false, reference: false };
+const ASSIGNMENT_OPERATORS = new Set(['=', '+=', '-=', '*=', '/=', '%=']);
+const REFERENCE_CALLS = new Set([
+    ...price_rate_1.TWAP_PRICE_SOURCE_CALL_NAMES,
+    'latestRoundData',
+    'latestAnswer',
+    'price0CumulativeLast',
+    'price1CumulativeLast',
+]);
+class WrongPriceCalculationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Single-pair AMM spot reserves or pair balances are used as a price without a TWAP or reference bound.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Flags price, quote, value, rate, swap, or mint/accounting functions that compute a live reserve or pair-balance ratio without bounding it against a TWAP or independent oracle.',
+    };
+    currentFile = '';
+    findings = [];
+    contractStack = [];
+    currentFunction = null;
+    setFile(file) {
+        this.currentFile = file;
+        this.findings = [];
+        this.contractStack = [];
+        this.currentFunction = null;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        if (node?.kind === 'interface') {
+            this.contractStack.push('');
+            return;
+        }
+        this.contractStack.push(typeof node?.name === 'string' && node.name ? node.name : '<anonymous>');
+    }
+    ['ContractDefinition:exit']() {
+        this.contractStack.pop();
+    }
+    FunctionDefinition(node) {
+        this.currentFunction = null;
+        if (!(0, ast_1.isNode)(node, 'FunctionDefinition') || !node.body)
+            return;
+        this.currentFunction = {
+            node,
+            name: typeof node.name === 'string' && node.name ? node.name : '<anonymous>',
+            returnVars: new Set((node.returnParameters || [])
+                .map((param) => typeof param?.name === 'string' ? param.name : '')
+                .filter((name) => name.length > 0)),
+            vars: new Map(),
+            nodes: new Map(),
+            referenceBoundNodes: [],
+            findingNode: null,
+        };
+    }
+    ['FunctionDefinition:exit'](node) {
+        const fn = this.currentFunction;
+        if (!fn || fn.node !== node)
+            return;
+        if (fn.findingNode && !hasReferenceBoundBefore(fn, fn.findingNode))
+            this.addFinding(fn, fn.findingNode);
+        this.currentFunction = null;
+    }
+    Identifier(node) {
+        const fn = this.currentFunction;
+        if (!fn || typeof node?.name !== 'string')
+            return;
+        this.setNode(node, fn.vars.get(node.name) || EMPTY);
+    }
+    FunctionCall(node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        const name = (0, price_rate_1.getCalleeName)(node.expression);
+        if (isSpotSourceCall(name, node))
+            this.setNode(node, { spot: true, ratio: false, reference: false });
+        if (REFERENCE_CALLS.has(name))
+            this.setNode(node, { spot: false, ratio: false, reference: true });
+    }
+    ['FunctionCall:exit'](node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        const name = (0, price_rate_1.getCalleeName)(node.expression);
+        let provenance = this.nodeInfo(node);
+        if (isSpotSourceCall(name, node))
+            provenance = merge(provenance, { spot: true, ratio: false, reference: false });
+        if (REFERENCE_CALLS.has(name))
+            provenance = merge(provenance, { spot: false, ratio: false, reference: true });
+        for (const arg of node.arguments || [])
+            provenance = merge(provenance, this.nodeInfo(arg));
+        this.setNode(node, provenance);
+        if ((name === 'require' || name === 'assert') && this.conditionBoundsSpotRatio(node.arguments?.[0])) {
+            fn.referenceBoundNodes.push(node);
+            return;
+        }
+        if (!fn.findingNode && (0, price_rate_1.isCriticalValueTransferFunctionName)(name)) {
+            for (const arg of node.arguments || []) {
+                if (this.nodeInfo(arg).ratio) {
+                    fn.findingNode = node;
+                    return;
+                }
+            }
+        }
+    }
+    ['VariableDeclarationStatement:exit'](node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        const provenance = this.nodeInfo(node.initialValue);
+        if (!hasInfo(provenance))
+            return;
+        for (const variable of declaredVariables(node)) {
+            if (typeof variable?.name === 'string' && variable.name) {
+                fn.vars.set(variable.name, merge(fn.vars.get(variable.name) || EMPTY, provenance));
+            }
+        }
+        this.setNode(node, provenance);
+    }
+    ['Assignment:exit'](node) {
+        this.recordAssignment(node.leftHandSide ?? node.left, node.rightHandSide ?? node.right, node);
+    }
+    ['BinaryOperation:exit'](node) {
+        const left = node.left ?? node.leftExpression ?? node.leftHandSide;
+        const right = node.right ?? node.rightExpression ?? node.rightHandSide;
+        if (ASSIGNMENT_OPERATORS.has(node.operator)) {
+            this.recordAssignment(left, right, node);
+            return;
+        }
+        const leftInfo = this.nodeInfo(left);
+        const rightInfo = this.nodeInfo(right);
+        const ratio = node.operator === '/' && expressionContainsSpot(leftInfo) && expressionContainsSpot(rightInfo);
+        this.setNode(node, merge(leftInfo, rightInfo, { spot: false, ratio, reference: false }));
+    }
+    ['ReturnStatement:exit'](node) {
+        const fn = this.currentFunction;
+        if (!fn || fn.findingNode || !isPriceLikeFunctionName(fn.name))
+            return;
+        const expr = node.expression ?? node.argument;
+        if (this.nodeInfo(expr).ratio)
+            fn.findingNode = node;
+    }
+    ['UnaryOperation:exit'](node) {
+        this.setNode(node, this.nodeInfo(node.subExpression));
+    }
+    ['TypeConversion:exit'](node) {
+        this.setNode(node, merge(...(node.arguments || []).map((arg) => this.nodeInfo(arg))));
+    }
+    ['MemberAccess:exit'](node) {
+        this.setNode(node, this.nodeInfo(node.expression));
+    }
+    ['IndexAccess:exit'](node) {
+        this.setNode(node, merge(this.nodeInfo(node.base), this.nodeInfo(node.index)));
+    }
+    ['TupleExpression:exit'](node) {
+        this.setNode(node, merge(...(node.components || []).map((component) => this.nodeInfo(component))));
+    }
+    ['Conditional:exit'](node) {
+        this.setNode(node, merge(this.nodeInfo(node.trueExpression), this.nodeInfo(node.falseExpression)));
+    }
+    recordAssignment(left, right, node) {
+        const fn = this.currentFunction;
+        if (!fn)
+            return;
+        const provenance = this.nodeInfo(right);
+        if (!hasInfo(provenance))
+            return;
+        for (const name of assignmentTargets(left)) {
+            fn.vars.set(name, merge(fn.vars.get(name) || EMPTY, provenance));
+        }
+        this.setNode(node, provenance);
+        if (!fn.findingNode && provenance.ratio && (isStateOrAccountingTarget(left) ||
+            (isPriceLikeFunctionName(fn.name) && assignmentTargets(left).some(name => fn.returnVars.has(name))))) {
+            fn.findingNode = node;
+        }
+    }
+    conditionBoundsSpotRatio(condition) {
+        const fn = this.currentFunction;
+        if (!fn || !condition)
+            return false;
+        if ((0, ast_1.isNode)(condition, 'FunctionCall')) {
+            const name = (0, price_rate_1.getCalleeName)(condition.expression);
+            if ((name === 'require' || name === 'assert') && condition.arguments?.[0]) {
+                return this.conditionBoundsSpotRatio(condition.arguments[0]);
+            }
+        }
+        if ((0, ast_1.isNode)(condition, 'BinaryOperation') && condition.operator === '&&') {
+            const parts = flattenAnd(condition);
+            return parts.some(part => this.isSpotToReferenceComparison(part)) &&
+                parts.some(part => this.isSpotToReferenceComparison(part, true));
+        }
+        return this.isSpotToReferenceComparison(condition);
+    }
+    isSpotToReferenceComparison(node, lowerBound = false) {
+        if (!(0, ast_1.isNode)(node, 'BinaryOperation') || !['<', '<=', '>', '>=', '=='].includes(node.operator))
+            return false;
+        const left = node.left ?? node.leftExpression;
+        const right = node.right ?? node.rightExpression;
+        const leftInfo = this.nodeInfo(left);
+        const rightInfo = this.nodeInfo(right);
+        if (!(leftInfo.ratio && rightInfo.reference) && !(rightInfo.ratio && leftInfo.reference))
+            return false;
+        if (!lowerBound)
+            return true;
+        if (leftInfo.ratio)
+            return node.operator === '>' || node.operator === '>=';
+        return node.operator === '<' || node.operator === '<=';
+    }
+    nodeInfo(node) {
+        const fn = this.currentFunction;
+        if (!fn || !node || typeof node !== 'object')
+            return EMPTY;
+        return fn.nodes.get(node) || EMPTY;
+    }
+    setNode(node, provenance) {
+        const fn = this.currentFunction;
+        if (!fn || !node || typeof node !== 'object' || !hasInfo(provenance))
+            return;
+        fn.nodes.set(node, provenance);
+    }
+    addFinding(fn, node) {
+        const loc = (0, ast_1.assertLoc)(node, fn.node);
+        const contract = this.contractStack[this.contractStack.length - 1] || '<anonymous>';
+        this.findings.push({
+            file: this.currentFile,
+            contract,
+            'function': fn.name,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            ruleId: RULE_ID,
+            pattern: PATTERN,
+            severity: 'high',
+            confidence: 'high',
+            category: 'logic-flaw',
+            message: `Wrong price calculation in function '${fn.name}': live AMM reserves or pair balances form a price without a TWAP or reference bound.`,
+            rationale: 'Single-pair spot reserve and pair-balance ratios can be manipulated in the same transaction before price, quote, mint, swap, or accounting logic consumes them.',
+            suggestedFix: 'Use a TWAP or independent oracle, or bound the spot ratio against a reference value before returning it or using it for settlement/accounting.',
+            findingId: '',
+            contractHash: '',
+            contractName: contract,
+            functionName: fn.name,
+            sourceLocation: { line: loc.line, column: loc.column },
+        });
+    }
+}
+exports.WrongPriceCalculationDetector = WrongPriceCalculationDetector;
+function isSpotSourceCall(name, node) {
+    if (name === 'balanceOf')
+        return isPairBalanceOf(node);
+    return price_rate_1.AMM_SPOT_SOURCE_CALL_NAMES.has(name);
+}
+function isPairBalanceOf(node) {
+    const arg = node?.arguments?.[0];
+    if (!arg)
+        return false;
+    const names = namesIn(arg).map(name => name.toLowerCase());
+    return names.some(name => name === 'pair' || name.endsWith('pair') || name.includes('pool'));
+}
+function isPriceLikeFunctionName(name) {
+    if ((0, price_rate_1.isPriceRateLikeIdentifier)(name))
+        return true;
+    return (0, price_rate_1.splitCamelTokens)(name).some(token => token === 'quote' || token === 'value');
+}
+function expressionContainsSpot(info) {
+    return info.spot || info.ratio;
+}
+function merge(...items) {
+    return {
+        spot: items.some(item => item.spot),
+        ratio: items.some(item => item.ratio),
+        reference: items.some(item => item.reference),
+    };
+}
+function hasInfo(info) {
+    return info.spot || info.ratio || info.reference;
+}
+function hasReferenceBoundBefore(fn, findingNode) {
+    return fn.referenceBoundNodes.some(boundNode => nodeStartsBefore(boundNode, findingNode));
+}
+function nodeStartsBefore(left, right) {
+    const leftStart = startPosition(left);
+    const rightStart = startPosition(right);
+    if (!leftStart || !rightStart)
+        return false;
+    if (leftStart.line !== rightStart.line)
+        return leftStart.line < rightStart.line;
+    return leftStart.column < rightStart.column;
+}
+function startPosition(node) {
+    const line = node?.loc?.start?.line;
+    if (typeof line !== 'number' || line <= 0)
+        return null;
+    const column = typeof node?.loc?.start?.column === 'number' && node.loc.start.column >= 0
+        ? node.loc.start.column
+        : 0;
+    return { line, column };
+}
+function declaredVariables(node) {
+    if (Array.isArray(node?.variables))
+        return node.variables.filter(Boolean);
+    if (Array.isArray(node?.declarations))
+        return node.declarations.filter(Boolean);
+    return [];
+}
+function assignmentTargets(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    if (((0, ast_1.isNode)(node, 'Identifier') || (0, ast_1.isNode)(node, 'VariableDeclaration')) && typeof node.name === 'string') {
+        return [node.name];
+    }
+    if ((0, ast_1.isNode)(node, 'TupleExpression')) {
+        return (node.components || []).flatMap((component) => assignmentTargets(component));
+    }
+    if ((0, ast_1.isNode)(node, 'IndexAccess'))
+        return assignmentTargets(node.base);
+    if ((0, ast_1.isNode)(node, 'MemberAccess'))
+        return assignmentTargets(node.expression);
+    return [];
+}
+function isStateOrAccountingTarget(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if ((0, ast_1.isNode)(node, 'IndexAccess') || (0, ast_1.isNode)(node, 'MemberAccess'))
+        return true;
+    if ((0, ast_1.isNode)(node, 'Identifier')) {
+        const tokens = (0, price_rate_1.splitCamelTokens)(node.name || '');
+        return tokens.some(token => token === 'share' || token === 'shares' || token === 'balance' || token === 'balances');
+    }
+    if ((0, ast_1.isNode)(node, 'TupleExpression'))
+        return (node.components || []).some((component) => isStateOrAccountingTarget(component));
+    return false;
+}
+function flattenAnd(node) {
+    if ((0, ast_1.isNode)(node, 'BinaryOperation') && node.operator === '&&') {
+        return [
+            ...flattenAnd(node.left ?? node.leftExpression),
+            ...flattenAnd(node.right ?? node.rightExpression),
+        ];
+    }
+    return [node];
+}
+function namesIn(node) {
+    const names = [];
+    const visit = (current) => {
+        if (!current || typeof current !== 'object')
+            return;
+        if ((0, ast_1.isNode)(current, 'Identifier') && typeof current.name === 'string')
+            names.push(current.name);
+        if ((0, ast_1.isNode)(current, 'MemberAccess') && typeof current.memberName === 'string')
+            names.push(current.memberName);
+        for (const child of childNodes(current))
+            visit(child);
+    };
+    visit(node);
+    return names;
+}
+function childNodes(node) {
+    const children = [];
+    for (const [key, value] of Object.entries(node || {})) {
+        if (key === 'loc' || key === 'range' || key === 'type' || key === 'nodeType')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+//# sourceMappingURL=wrong-price-calculation.js.map

package/dist/detectors/yearn-vault-v2-share-price-manipulation.d.ts

@@ -0,0 +1,32 @@
+import type { ScanResult } from '../index';
+export declare class YearnVaultV2SharePriceManipulationDetector {
+    readonly id = "yearn-vault-v2-share-price-manipulation";
+    readonly patternKey = "yearn-vault-v2-share-price-manipulation";
+    readonly supportedAstKinds: "parser"[];
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private currentFunctionNode;
+    private unsafeFnsByContract;
+    private potentialFindings;
+    private findings;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(): void;
+    BinaryOperation(node: any): void;
+    FunctionCall(node: any): void;
+    MemberAccess(node: any): void;
+    private markCurrentFnUnsafe;
+    private isAddressThis;
+    private isConversionFunction;
+    private isTotalSupplyCall;
+    private isMultiplication;
+    private containsUnsafeBalanceRead;
+    private isDirectUnsafeBalanceRead;
+    private stripTuple;
+    private walk;
+    private children;
+}