@snovon/solast 0.2.0

package/dist/detectors/bad-debt-propagation.js

@@ -0,0 +1,480 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BadDebtPropagationDetector = void 0;
+const RULE_ID = 'bad-debt-propagation';
+const PATTERN_AAVE_UNBOUNDED = `${RULE_ID}/aave-unbounded-market`;
+const PATTERN_COMPOUND_UNBOUNDED = `${RULE_ID}/compound-unbounded-market`;
+const BPS_HIGH_LTV = 9000n;
+const BPS_FULL_THRESHOLD = 9500n;
+const BPS_NO_LIQUIDATION_BUFFER = 10000n;
+const WAD_HIGH_COLLATERAL_FACTOR = 900000000000000000n;
+const WAD_NO_LIQUIDATION_BUFFER = 1000000000000000000n;
+const WAD_LOW_CLOSE_FACTOR = 250000000000000000n;
+class BadDebtPropagationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    scanAst(ast, file, sourceText) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        const findings = [];
+        for (const contract of collectContracts(ast)) {
+            if (isInterfaceLike(contract))
+                continue;
+            const contractName = getNodeName(contract) || '<anonymous>';
+            for (const fn of getContractFunctions(contract)) {
+                const body = getFunctionBody(fn);
+                if (!body)
+                    continue;
+                const functionName = getNodeName(fn) || '<anonymous>';
+                findings.push(...this.analyzeFunction(body, file, contractName, functionName, lineOffsets));
+            }
+        }
+        return findings;
+    }
+    analyzeFunction(body, file, contractName, functionName, lineOffsets) {
+        const markets = new Map();
+        const localStructs = new Map();
+        const globalCompoundRisk = [];
+        walk(body, node => {
+            if (isNode(node, 'VariableDeclarationStatement')) {
+                this.recordStructLocal(node, localStructs, lineOffsets);
+                return;
+            }
+            if (isNode(node, 'FunctionCall')) {
+                this.recordCall(node, markets, globalCompoundRisk, lineOffsets);
+                return;
+            }
+            if (isAssignment(node)) {
+                this.recordAssignment(node, markets, localStructs, lineOffsets);
+            }
+        });
+        if (globalCompoundRisk.length > 0) {
+            for (const market of markets.values()) {
+                if (market.enabled.some(path => path.includes('_supportMarket'))) {
+                    market.risky.push(...globalCompoundRisk);
+                }
+            }
+        }
+        const findings = [];
+        for (const market of markets.values()) {
+            if (market.enabled.length === 0 || market.risky.length === 0)
+                continue;
+            const missingBounds = this.missingOrUnboundedCaps(market);
+            if (missingBounds.length === 0)
+                continue;
+            const path = [...market.enabled, ...market.risky, ...Array.from(market.caps.values()).map(c => c.text)].join(' -> ');
+            const isCompound = market.enabled.some(p => p.includes('_supportMarket')) ||
+                market.risky.some(p => p.includes('_setCollateralFactor') || p.includes('_setCloseFactor'));
+            const pattern = isCompound ? PATTERN_COMPOUND_UNBOUNDED : PATTERN_AAVE_UNBOUNDED;
+            findings.push({
+                file,
+                contract: contractName,
+                'function': functionName,
+                line: market.loc.line,
+                endLine: market.loc.line,
+                column: market.loc.column,
+                pattern,
+                confidence: 'high',
+                ruleId: RULE_ID,
+                severity: 'high',
+                message: `Bad-debt propagation risk in ${contractName}.${functionName}: market ${market.market} is enabled with risky liquidation/collateral parameters and ${missingBounds.join(', ')} unset or unbounded.`,
+                contractName,
+                functionName,
+                sourceLocation: { line: market.loc.line, column: market.loc.column },
+                trace: path,
+                rationale: `Affected market/asset: ${market.market}. Risky parameter path: ${path}. Review supply caps, borrow caps, debt ceiling, close factor, and liquidation bonus/incentive before listing this market.`,
+                suggestedFix: 'Review and bound supply caps, borrow caps, debt ceiling, and liquidation parameters so insolvency cannot propagate after partial liquidation.',
+                findingId: '',
+                contractHash: '',
+            });
+        }
+        return findings;
+    }
+    recordStructLocal(node, localStructs, lineOffsets) {
+        const name = getDeclaredVariableName(node);
+        if (!name)
+            return;
+        const init = node.initialValue || node.value;
+        const config = parseReserveConfig(init, name, getLoc(node, lineOffsets) || { line: 0, column: 0 });
+        if (config)
+            localStructs.set(name, config);
+    }
+    recordCall(node, markets, globalCompoundRisk, lineOffsets) {
+        const method = getCallMethod(node);
+        if (!method)
+            return;
+        const args = getCallArgs(node);
+        const loc = getLoc(node, lineOffsets) || { line: 0, column: 0 };
+        if (method === 'setReserveBorrowing') {
+            const market = exprText(args[0]);
+            if (!market || boolValue(args[1]) !== true)
+                return;
+            this.market(markets, market, loc).enabled.push(`${method}(${market},true)`);
+            return;
+        }
+        if (method === '_supportMarket') {
+            const market = exprText(args[0]);
+            if (!market)
+                return;
+            this.market(markets, market, loc).enabled.push(`${method}(${market})`);
+            return;
+        }
+        if (method === 'configureReserveAsCollateral') {
+            const market = exprText(args[0]);
+            if (!market)
+                return;
+            const ltv = intValue(args[1]);
+            const liquidationThreshold = intValue(args[2]);
+            const liquidationBonus = intValue(args[3]);
+            if (isRiskyAaveParams(ltv, liquidationThreshold, liquidationBonus)) {
+                this.market(markets, market, loc).risky.push(`${method}(${market},${numText(args[1])},${numText(args[2])},${numText(args[3])})`);
+            }
+            return;
+        }
+        if (method === 'setSupplyCap' || method === 'setBorrowCap' || method === 'setDebtCeiling') {
+            const market = exprText(args[0]);
+            if (!market)
+                return;
+            const capName = capNameForMethod(method);
+            if (!capName)
+                return;
+            this.market(markets, market, loc).caps.set(capName, {
+                bounded: isBoundedCap(args[1]),
+                text: `${method}(${market},${numText(args[1])})`,
+            });
+            return;
+        }
+        if (method === '_setCollateralFactor') {
+            const market = exprText(args[0]);
+            if (!market)
+                return;
+            const factor = intValue(args[1]);
+            if (factor !== null && factor >= WAD_HIGH_COLLATERAL_FACTOR) {
+                this.market(markets, market, loc).risky.push(`${method}(${market},${numText(args[1])})`);
+            }
+            return;
+        }
+        if (method === '_setLiquidationIncentive') {
+            const market = args.length > 1 ? exprText(args[0]) : '';
+            const incentiveArg = args.length > 1 ? args[1] : args[0];
+            const incentive = intValue(incentiveArg);
+            if (incentive !== null && incentive <= WAD_NO_LIQUIDATION_BUFFER) {
+                const text = market ? `${method}(${market},${numText(incentiveArg)})` : `${method}(...,${numText(incentiveArg)})`;
+                if (market) {
+                    this.market(markets, market, loc).risky.push(text);
+                }
+                else {
+                    globalCompoundRisk.push(text);
+                }
+            }
+            return;
+        }
+        if (method === '_setCloseFactor') {
+            const market = args.length > 1 ? exprText(args[0]) : '';
+            const closeFactorArg = args[args.length - 1];
+            const closeFactor = intValue(closeFactorArg);
+            if (closeFactor !== null && closeFactor <= WAD_LOW_CLOSE_FACTOR) {
+                const text = market ? `${method}(${market},${numText(closeFactorArg)})` : `${method}(...,${numText(closeFactorArg)})`;
+                if (market) {
+                    this.market(markets, market, loc).risky.push(text);
+                }
+                else {
+                    globalCompoundRisk.push(text);
+                }
+            }
+        }
+    }
+    recordAssignment(node, markets, localStructs, lineOffsets) {
+        const left = node.left || node.leftHandSide;
+        const right = node.right || node.rightHandSide;
+        const loc = getLoc(node, lineOffsets) || { line: 0, column: 0 };
+        const indexed = indexAccessText(left);
+        if (!indexed)
+            return;
+        const struct = isIdentifier(right) ? localStructs.get(right.name) : parseReserveConfig(right, exprText(left) || indexed.path, loc);
+        if (struct) {
+            const market = this.market(markets, indexed.index, loc);
+            if (struct.risky)
+                market.risky.push(`${indexed.path}:${struct.path}`);
+            for (const [capName, cap] of struct.caps) {
+                market.caps.set(capName, { ...cap, text: `${indexed.path}.${cap.text}` });
+            }
+            return;
+        }
+        if (indexed.base === 'borrowCaps') {
+            this.market(markets, indexed.index, loc).caps.set('borrowCap', {
+                bounded: isBoundedCap(right),
+                text: `${indexed.path}=${numText(right)}`,
+            });
+        }
+    }
+    market(markets, market, loc) {
+        const existing = markets.get(market);
+        if (existing) {
+            if (existing.loc.line === 0)
+                existing.loc = loc;
+            return existing;
+        }
+        const created = { market, enabled: [], risky: [], caps: new Map(), loc };
+        markets.set(market, created);
+        return created;
+    }
+    missingOrUnboundedCaps(market) {
+        const hasAave = market.risky.some(p => p.includes('configureReserveAsCollateral') || p.includes('liquidationThreshold'));
+        if (hasAave) {
+            return ['supplyCap', 'borrowCap', 'debtCeiling'].filter(name => market.caps.get(name)?.bounded !== true);
+        }
+        return market.caps.get('borrowCap')?.bounded === true ? [] : ['borrowCap'];
+    }
+}
+exports.BadDebtPropagationDetector = BadDebtPropagationDetector;
+function isRiskyAaveParams(ltv, threshold, bonus) {
+    if (threshold !== null && threshold >= BPS_FULL_THRESHOLD)
+        return true;
+    if (ltv !== null && ltv >= BPS_HIGH_LTV)
+        return true;
+    if (bonus !== null && bonus <= BPS_NO_LIQUIDATION_BUFFER)
+        return true;
+    return false;
+}
+function parseReserveConfig(expr, path, loc) {
+    if (!isNode(expr, 'FunctionCall'))
+        return null;
+    const callName = getCallName(expr);
+    if (!/ReserveConfig|MarketConfig/i.test(callName))
+        return null;
+    const args = getCallArgs(expr);
+    const names = Array.isArray(expr.names) ? expr.names : [];
+    const values = new Map();
+    names.forEach((name, index) => values.set(name, args[index]));
+    const get = (name, fallback) => values.get(name) || args[fallback];
+    const ltv = intValue(get('ltv', 0));
+    const threshold = intValue(get('liquidationThreshold', 1));
+    const bonus = intValue(get('liquidationBonus', 2));
+    const caps = new Map();
+    for (const capName of ['borrowCap', 'supplyCap', 'debtCeiling']) {
+        const value = values.get(capName);
+        if (value) {
+            caps.set(capName, { bounded: isBoundedCap(value), text: `${capName}=${numText(value)}` });
+        }
+    }
+    return {
+        path: `${path}(ltv=${numText(get('ltv', 0))},liquidationThreshold=${numText(get('liquidationThreshold', 1))},liquidationBonus=${numText(get('liquidationBonus', 2))})`,
+        risky: isRiskyAaveParams(ltv, threshold, bonus),
+        caps,
+        loc,
+    };
+}
+function capNameForMethod(method) {
+    if (method === 'setSupplyCap')
+        return 'supplyCap';
+    if (method === 'setBorrowCap')
+        return 'borrowCap';
+    if (method === 'setDebtCeiling')
+        return 'debtCeiling';
+    return null;
+}
+function collectContracts(ast) {
+    const out = [];
+    walk(ast, node => {
+        if (isNode(node, 'ContractDefinition'))
+            out.push(node);
+    });
+    return out;
+}
+function isInterfaceLike(contract) {
+    const kind = String(contract?.kind || contract?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function getContractMembers(contract) {
+    if (Array.isArray(contract?.subNodes))
+        return contract.subNodes;
+    if (Array.isArray(contract?.nodes))
+        return contract.nodes;
+    return [];
+}
+function getContractFunctions(contract) {
+    return getContractMembers(contract).filter(member => isNode(member, 'FunctionDefinition'));
+}
+function getFunctionBody(fn) {
+    return fn?.body || null;
+}
+function getNodeName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function getDeclaredVariableName(node) {
+    const vars = node.variables || node.declarations || [];
+    const first = Array.isArray(vars) ? vars[0] : null;
+    return String(first?.name || first?.identifier?.name || '');
+}
+function isAssignment(node) {
+    const op = String(node?.operator || '');
+    return (isNode(node, 'BinaryOperation') || isNode(node, 'Assignment')) && op === '=';
+}
+function getCallMethod(node) {
+    const expr = node?.expression;
+    if (isNode(expr, 'MemberAccess'))
+        return String(expr.memberName || expr.member_name || '');
+    return '';
+}
+function getCallName(node) {
+    const expr = node?.expression;
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess'))
+        return String(expr.memberName || '');
+    return '';
+}
+function getCallArgs(node) {
+    return Array.isArray(node?.arguments) ? node.arguments : [];
+}
+function isIdentifier(node) {
+    return isNode(node, 'Identifier') && typeof node.name === 'string';
+}
+function indexAccessText(node) {
+    if (!isNode(node, 'IndexAccess'))
+        return null;
+    const base = exprText(node.base || node.baseExpression);
+    const index = exprText(node.index || node.indexExpression);
+    if (!base || !index)
+        return null;
+    return { base, index, path: `${base}[${index}]` };
+}
+function exprText(node) {
+    if (!node || typeof node !== 'object')
+        return '';
+    if (isNode(node, 'Identifier'))
+        return String(node.name || '');
+    if (isNode(node, 'MemberAccess')) {
+        const base = exprText(node.expression);
+        const member = String(node.memberName || '');
+        return base ? `${base}.${member}` : member;
+    }
+    if (isNode(node, 'IndexAccess')) {
+        const indexed = indexAccessText(node);
+        return indexed?.path || '';
+    }
+    if (isNode(node, 'NumberLiteral') || isNode(node, 'Literal'))
+        return numText(node);
+    return '';
+}
+function boolValue(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'BooleanLiteral'))
+        return node.value === true;
+    if (isNode(node, 'Literal') && typeof node.value === 'boolean')
+        return node.value;
+    if (isNode(node, 'Literal') && typeof node.value === 'string') {
+        if (node.value === 'true')
+            return true;
+        if (node.value === 'false')
+            return false;
+    }
+    return null;
+}
+function isBoundedCap(node) {
+    const value = intValue(node);
+    return value !== null && value > 0n;
+}
+function intValue(node) {
+    const raw = numText(node);
+    if (!raw)
+        return null;
+    const normalized = raw.replace(/_/g, '').toLowerCase();
+    if (/^\d+e\d+$/.test(normalized)) {
+        const [base, exp] = normalized.split('e');
+        return BigInt(base) * (10n ** BigInt(exp));
+    }
+    if (/^0x[0-9a-f]+$/.test(normalized))
+        return BigInt(normalized);
+    if (/^\d+$/.test(normalized))
+        return BigInt(normalized);
+    return null;
+}
+function numText(node) {
+    if (!node || typeof node !== 'object')
+        return '';
+    if (isNode(node, 'NumberLiteral')) {
+        const base = String(node.number ?? node.value ?? '');
+        const denom = node.subdenomination ? String(node.subdenomination) : '';
+        return denom ? `${base}${denom}` : base;
+    }
+    if (isNode(node, 'Literal'))
+        return String(node.value ?? '');
+    if (isNode(node, 'Identifier'))
+        return String(node.name || '');
+    return exprText(node);
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function childrenOf(node) {
+    const out = [];
+    if (!node || typeof node !== 'object')
+        return out;
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    out.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start) {
+        return { line: node.loc.start.line || 0, column: node.loc.start.column || 0 };
+    }
+    if (node?.src && lineOffsets) {
+        const [offsetRaw] = String(node.src).split(':');
+        const offset = Number(offsetRaw);
+        if (Number.isFinite(offset) && offset >= 0)
+            return byteOffsetToLineColumn(offset, lineOffsets);
+    }
+    return null;
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const offsets = [0];
+    let byteOffset = 0;
+    for (const ch of sourceText) {
+        byteOffset += Buffer.byteLength(ch, 'utf8');
+        if (ch === '\n')
+            offsets.push(byteOffset);
+    }
+    return offsets;
+}
+function byteOffsetToLineColumn(byteOffset, lineOffsets) {
+    let low = 0;
+    let high = lineOffsets.length - 1;
+    let lineIdx = 0;
+    while (low <= high) {
+        const mid = Math.floor((low + high) / 2);
+        if (lineOffsets[mid] <= byteOffset) {
+            lineIdx = mid;
+            low = mid + 1;
+        }
+        else {
+            high = mid - 1;
+        }
+    }
+    return { line: lineIdx + 1, column: byteOffset - lineOffsets[lineIdx] };
+}
+//# sourceMappingURL=bad-debt-propagation.js.map

package/dist/detectors/bad-k-value-verification.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class BadKValueVerificationDetector {
+    readonly id = "bad-k-value-verification";
+    readonly patternKey = "bad-k-value-verification";
+    readonly supportedAstKinds: ("parser" | "solc")[];
+    scanAst(ast: any, file: string, sourceText?: string): ScanResult[];
+}