@snovon/solast 0.2.0

package/dist/detectors/bad-k-value-verification.js

@@ -0,0 +1,512 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BadKValueVerificationDetector = void 0;
+const RULE_ID = 'bad-k-value-verification';
+const MISMATCHED_PATTERN = 'bad-k-value-verification/mismatched-k-scale';
+const STALE_PATTERN = 'bad-k-value-verification/stale-k-before-reconciliation';
+const PROVENANCE = 'x-20231115-linkdao-bad-k-value-verification';
+const ACCESS_CONTROL_MODIFIERS = /^(onlyowner|onlyowners|onlyrole|onlyadmin|onlyauthorized|authorized|auth|onlyoperator|onlyoperators|onlyprotocol|onlygovernance|onlygovernor|onlyguardian|onlymanager|onlytrusted|onlytimelock)$/i;
+const TRANSFER_MEMBERS = new Set(['transfer', 'transferFrom', 'safeTransfer', 'safeTransferFrom', 'call', 'send', 'delegatecall']);
+// Fee-denominator-style scale literals of interest. AMM K checks typically use
+// 1000 / 10000 here; smaller numbers (3, 25, 30) are fee numerators that appear
+// alongside but are not themselves the invariant scale.
+const SCALE_THRESHOLD = 100;
+class BadKValueVerificationDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    scanAst(ast, file, sourceText) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        for (const contract of collectContracts(ast)) {
+            if (isInterfaceLike(contract))
+                continue;
+            const contractName = getName(contract) || '<anonymous>';
+            for (const fn of getContractFunctions(contract)) {
+                const body = getFunctionBody(fn);
+                if (!body)
+                    continue;
+                if (fn?.isConstructor === true)
+                    continue;
+                const kind = String(fn?.kind || '').toLowerCase();
+                if (kind === 'constructor')
+                    continue;
+                const vis = String(fn?.visibility || '').toLowerCase();
+                if (vis !== 'external' && vis !== 'public')
+                    continue;
+                const sm = String(fn?.stateMutability || '').toLowerCase();
+                if (sm === 'view' || sm === 'pure' || sm === 'constant')
+                    continue;
+                if (isAccessControlled(fn))
+                    continue;
+                const finding = analyzeFunction(fn, contractName, file, lineOffsets);
+                if (finding)
+                    findings.push(finding);
+            }
+        }
+        return findings;
+    }
+}
+exports.BadKValueVerificationDetector = BadKValueVerificationDetector;
+function analyzeFunction(fn, contractName, file, lineOffsets) {
+    const events = [];
+    const scaleMap = new Map();
+    collectEvents(getFunctionBody(fn), events, scaleMap);
+    let kIdx = -1;
+    for (let i = 0; i < events.length; i++) {
+        if (events[i].phase === 'kCheck') {
+            kIdx = i;
+            break;
+        }
+    }
+    if (kIdx === -1)
+        return null;
+    const cmp = events[kIdx].comparison;
+    if (!cmp)
+        return null;
+    let hasTransferBefore = false;
+    for (let i = 0; i < kIdx; i++) {
+        if (events[i].phase === 'transfer') {
+            hasTransferBefore = true;
+            break;
+        }
+    }
+    if (!hasTransferBefore)
+        return null;
+    const lhsExpr = getBinaryLeft(cmp);
+    const rhsExpr = getBinaryRight(cmp);
+    const lhsScales = collectMultiplierScales(lhsExpr, scaleMap);
+    const rhsPowerBases = collectPowerBases(rhsExpr);
+    let pattern = null;
+    if (lhsScales.size > 0) {
+        let matched = false;
+        for (const s of lhsScales) {
+            if (rhsPowerBases.has(s)) {
+                matched = true;
+                break;
+            }
+        }
+        if (!matched)
+            pattern = MISMATCHED_PATTERN;
+    }
+    else {
+        let hasBalanceReadAfter = false;
+        let hasReserveWriteAfter = false;
+        for (let i = kIdx + 1; i < events.length; i++) {
+            if (events[i].phase === 'balanceRead')
+                hasBalanceReadAfter = true;
+            if (events[i].phase === 'reserveWrite')
+                hasReserveWriteAfter = true;
+        }
+        if (hasBalanceReadAfter && hasReserveWriteAfter)
+            pattern = STALE_PATTERN;
+    }
+    if (!pattern)
+        return null;
+    const fnName = functionDisplayName(fn);
+    const loc = getLoc(cmp, lineOffsets) || getLoc(events[kIdx].node, lineOffsets) || getLoc(fn, lineOffsets) || { line: 0, column: 0 };
+    const message = pattern === MISMATCHED_PATTERN
+        ? `Bad K value verification in '${contractName}.${fnName}': fee-adjusted balance product is checked against the reserve invariant with an inconsistent scale, so the K invariant can be satisfied with drained reserves.`
+        : `Bad K value verification in '${contractName}.${fnName}': K invariant is checked before the post-transfer balance reconciliation, leaving reserves unprotected across the swap callback.`;
+    return {
+        file,
+        contract: contractName,
+        'function': fnName,
+        line: loc.line,
+        endLine: loc.line,
+        column: loc.column,
+        pattern,
+        confidence: 'high',
+        ruleId: RULE_ID,
+        severity: 'error',
+        message,
+        rationale: 'Mirrors the 2023-11-15 LinkDAO/Uranium-style AMM bad-K pattern where the fee-denominator scaling on the adjusted-balance side of the K check did not match the reserve-product side, or the K check executed against stale storage reserves before the post-transfer balance reconciliation. Either shape lets a swap callback drain the pool while still appearing to satisfy the invariant.',
+        suggestedFix: 'Match the fee-denominator scale on both sides of the K check (e.g. balance * 1000 - amountIn * 3 vs reserve0 * reserve1 * 1000 ** 2), and reorder the check to run after final balance reads but before any reserve write, behind a reentrancy guard.',
+        contractName,
+        functionName: fnName,
+        sourceLocation: { line: loc.line, column: loc.column },
+        findingId: '',
+        contractHash: '',
+        provenance: PROVENANCE,
+        source: PROVENANCE,
+    };
+}
+function collectEvents(node, events, scaleMap) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'Block') || isNode(node, 'UncheckedBlock')) {
+        for (const s of node.statements || [])
+            collectEvents(s, events, scaleMap);
+        return;
+    }
+    if (isNode(node, 'VariableDeclarationStatement')) {
+        const init = node.initialValue ?? null;
+        if (init) {
+            const initScales = collectMultiplierScales(init, scaleMap);
+            for (const decl of getVariableDeclarations(node)) {
+                const name = getName(decl);
+                if (name && initScales.size > 0)
+                    scaleMap.set(name, new Set(initScales));
+            }
+            collectEventsFromExpr(init, events);
+        }
+        return;
+    }
+    if (isNode(node, 'IfStatement')) {
+        if (node.condition)
+            collectEventsFromExpr(node.condition, events);
+        if (node.trueBody)
+            collectEvents(node.trueBody, events, scaleMap);
+        if (node.falseBody)
+            collectEvents(node.falseBody, events, scaleMap);
+        return;
+    }
+    if (isNode(node, 'ExpressionStatement')) {
+        const expr = node.expression;
+        if (expr)
+            handleStatementExpression(expr, events);
+        return;
+    }
+    if (isNode(node, 'ForStatement') || isNode(node, 'WhileStatement') || isNode(node, 'DoWhileStatement')) {
+        if (node.body)
+            collectEvents(node.body, events, scaleMap);
+        return;
+    }
+    if (isNode(node, 'TryStatement')) {
+        if (node.body)
+            collectEvents(node.body, events, scaleMap);
+        for (const cc of node.catchClauses || []) {
+            if (cc?.body)
+                collectEvents(cc.body, events, scaleMap);
+        }
+        return;
+    }
+    if (isNode(node, 'UncheckedStatement')) {
+        if (node.block)
+            collectEvents(node.block, events, scaleMap);
+        return;
+    }
+}
+function handleStatementExpression(expr, events) {
+    if (!expr || typeof expr !== 'object')
+        return;
+    if (isFunctionCall(expr)) {
+        const callee = unwrapCallOptions(expr.expression);
+        if (isNode(callee, 'Identifier')) {
+            const name = String(callee.name || '');
+            if (name === 'require' || name === 'assert') {
+                const args = getCallArguments(expr);
+                const cond = args[0];
+                const cmp = cond ? findKComparison(cond) : null;
+                if (cmp) {
+                    events.push({ phase: 'kCheck', node: expr, comparison: cmp });
+                    return;
+                }
+            }
+        }
+    }
+    if (isAssignmentExprNode(expr) && referencesReserveStorageRoot(getAssignTarget(expr))) {
+        events.push({ phase: 'reserveWrite', node: expr });
+    }
+    collectEventsFromExpr(expr, events);
+}
+function collectEventsFromExpr(expr, events) {
+    walk(expr, n => {
+        if (!isFunctionCall(n))
+            return;
+        const callee = unwrapCallOptions(n.expression);
+        if (!isNode(callee, 'MemberAccess'))
+            return;
+        const member = String(callee.memberName || '');
+        if (TRANSFER_MEMBERS.has(member)) {
+            events.push({ phase: 'transfer', node: n });
+        }
+        else if (member === 'balanceOf') {
+            events.push({ phase: 'balanceRead', node: n });
+        }
+    });
+}
+function findKComparison(cond) {
+    let result = null;
+    walk(cond, n => {
+        if (result)
+            return;
+        if (!isNode(n, 'BinaryOperation'))
+            return;
+        if (String(n.operator || '') !== '>=')
+            return;
+        const left = getBinaryLeft(n);
+        if (!isProductBinaryOp(left))
+            return;
+        result = n;
+    });
+    return result;
+}
+function isProductBinaryOp(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (!isNode(node, 'BinaryOperation'))
+        return false;
+    return String(node.operator || '') === '*';
+}
+function collectMultiplierScales(expr, scaleMap) {
+    const out = new Set();
+    walk(expr, n => {
+        if (!isNode(n, 'BinaryOperation'))
+            return;
+        if (String(n.operator || '') !== '*')
+            return;
+        const lv = literalNumberValue(getBinaryLeft(n));
+        const rv = literalNumberValue(getBinaryRight(n));
+        if (lv !== null && lv >= SCALE_THRESHOLD)
+            out.add(lv);
+        if (rv !== null && rv >= SCALE_THRESHOLD)
+            out.add(rv);
+    });
+    walk(expr, n => {
+        if (!isNode(n, 'Identifier'))
+            return;
+        const name = String(n.name || '');
+        const scales = scaleMap.get(name);
+        if (scales)
+            for (const s of scales)
+                out.add(s);
+    });
+    return out;
+}
+function collectPowerBases(expr) {
+    const out = new Set();
+    walk(expr, n => {
+        if (!isNode(n, 'BinaryOperation'))
+            return;
+        const op = String(n.operator || '');
+        if (op === '**') {
+            const rv = literalNumberValue(getBinaryRight(n));
+            if (rv !== 2)
+                return;
+            const lv = literalNumberValue(getBinaryLeft(n));
+            if (lv !== null && lv >= SCALE_THRESHOLD)
+                out.add(lv);
+        }
+        else if (op === '*') {
+            const lv = literalNumberValue(getBinaryLeft(n));
+            const rv = literalNumberValue(getBinaryRight(n));
+            if (lv !== null && rv !== null && lv === rv && lv >= SCALE_THRESHOLD)
+                out.add(lv);
+        }
+    });
+    return out;
+}
+function literalNumberValue(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isNode(node, 'NumberLiteral')) {
+        const raw = node.number ?? node.value ?? '';
+        const n = Number(raw);
+        return Number.isFinite(n) ? n : null;
+    }
+    if (isNode(node, 'Literal') && node.kind === 'number') {
+        const raw = node.value ?? '';
+        const n = Number(raw);
+        return Number.isFinite(n) ? n : null;
+    }
+    return null;
+}
+function referencesReserveStorageRoot(target) {
+    if (!target || typeof target !== 'object')
+        return false;
+    if (isNode(target, 'Identifier')) {
+        return /^reserve/i.test(String(target.name || ''));
+    }
+    return false;
+}
+function isAssignmentExprNode(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'Assignment'))
+        return String(node.operator || '') === '=' || /=$/.test(String(node.operator || ''));
+    if (isNode(node, 'BinaryOperation')) {
+        const op = String(node.operator || '');
+        return op === '=' || op === '+=' || op === '-=' || op === '*=' || op === '/=' || op === '%=';
+    }
+    return false;
+}
+function getAssignTarget(node) {
+    return node?.left ?? node?.leftHandSide ?? null;
+}
+function isAccessControlled(fn) {
+    for (const mod of fn?.modifiers || []) {
+        const name = getModifierName(mod);
+        if (ACCESS_CONTROL_MODIFIERS.test(name))
+            return true;
+    }
+    return false;
+}
+function getModifierName(modifier) {
+    if (!modifier)
+        return '';
+    if (typeof modifier === 'string')
+        return modifier;
+    if (typeof modifier.name === 'string')
+        return modifier.name;
+    if (modifier.name && typeof modifier.name === 'object') {
+        if (typeof modifier.name.name === 'string')
+            return modifier.name.name;
+        if (typeof modifier.name.namePath === 'string')
+            return modifier.name.namePath;
+    }
+    if (modifier.modifierName) {
+        const inner = modifier.modifierName;
+        if (typeof inner === 'string')
+            return inner;
+        if (inner && typeof inner.name === 'string')
+            return inner.name;
+        if (inner && typeof inner.namePath === 'string')
+            return inner.namePath;
+    }
+    return '';
+}
+function isInterfaceLike(contract) {
+    const kind = String(contract?.kind || contract?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function getFunctionBody(fn) {
+    return fn?.body || null;
+}
+function getVariableDeclarations(stmt) {
+    if (Array.isArray(stmt?.variables))
+        return stmt.variables;
+    if (Array.isArray(stmt?.declarations))
+        return stmt.declarations;
+    return [];
+}
+function getContractFunctions(contract) {
+    return getContractMembers(contract).filter(child => isNode(child, 'FunctionDefinition'));
+}
+function getContractMembers(contract) {
+    if (!contract || typeof contract !== 'object')
+        return [];
+    if (Array.isArray(contract.subNodes))
+        return contract.subNodes;
+    if (Array.isArray(contract.nodes))
+        return contract.nodes;
+    return [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walkContracts(ast, n => out.push(n));
+    return out;
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition')) {
+        visit(node);
+        return;
+    }
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childrenOf(node))
+        walk(child, visit);
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const out = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id' || key === 'typeName')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value)
+                if (item && typeof item === 'object')
+                    out.push(item);
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function isFunctionCall(node) {
+    return isNode(node, 'FunctionCall');
+}
+function unwrapCallOptions(expr) {
+    if (!expr || typeof expr !== 'object')
+        return expr;
+    if (isNode(expr, 'NameValueExpression') || isNode(expr, 'FunctionCallOptions')) {
+        return unwrapCallOptions(expr.expression);
+    }
+    return expr;
+}
+function getCallArguments(node) {
+    return Array.isArray(node?.arguments) ? node.arguments : [];
+}
+function getBinaryLeft(node) {
+    return node?.left ?? node?.leftExpression ?? node?.leftHandSide;
+}
+function getBinaryRight(node) {
+    return node?.right ?? node?.rightExpression ?? node?.rightHandSide;
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function functionDisplayName(fn) {
+    const kind = String(fn?.kind || '').toLowerCase();
+    if (fn?.isFallback === true || kind === 'fallback')
+        return '<fallback>';
+    if (fn?.isReceiveEther === true || kind === 'receive')
+        return '<receive>';
+    if (fn?.isConstructor === true || kind === 'constructor')
+        return '<constructor>';
+    return getName(fn) || '<anonymous>';
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const offsets = [0];
+    let byteOffset = 0;
+    for (const ch of sourceText) {
+        byteOffset += Buffer.byteLength(ch, 'utf8');
+        if (ch === '\n')
+            offsets.push(byteOffset);
+    }
+    return offsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return { line: node.loc.start.line || 0, column: node.loc.start.column || 0 };
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const [offsetRaw] = String(node.src).split(':');
+    const offset = Number(offsetRaw);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    return byteOffsetToLineColumn(offset, lineOffsets);
+}
+function byteOffsetToLineColumn(byteOffset, lineOffsets) {
+    let low = 0;
+    let high = lineOffsets.length - 1;
+    let lineIdx = 0;
+    while (low <= high) {
+        const mid = Math.floor((low + high) / 2);
+        if (lineOffsets[mid] <= byteOffset) {
+            lineIdx = mid;
+            low = mid + 1;
+        }
+        else {
+            high = mid - 1;
+        }
+    }
+    return { line: lineIdx + 1, column: byteOffset - lineOffsets[lineIdx] };
+}
+//# sourceMappingURL=bad-k-value-verification.js.map

package/dist/detectors/bad-randomness-zero-blockhash.d.ts

@@ -0,0 +1,29 @@
+import type { ScanResult } from '../index';
+export declare class BadRandomnessZeroBlockhashDetector {
+    readonly id = "bad-randomness-zero-blockhash";
+    readonly patternKey = "bad-randomness-zero-blockhash";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "high";
+        help: string;
+    };
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private currentFunctionNode;
+    private findings;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    ['FunctionDefinition:exit'](node: any): void;
+    FunctionCall(node: any): void;
+    private isCurrentBlockhashCall;
+    private addFinding;
+}

package/dist/detectors/bad-randomness-zero-blockhash.js

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BadRandomnessZeroBlockhashDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'bad-randomness-zero-blockhash';
+class BadRandomnessZeroBlockhashDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    descriptor = {
+        id: RULE_ID,
+        shortDescription: 'Current-block blockhash is used as randomness even though it always returns zero.',
+        helpUri: 'https://snovon.com/',
+        defaultSeverity: 'high',
+        help: 'Do not call blockhash(block.number) or block.blockhash(block.number); the current block hash is unavailable during execution and resolves to zero.'
+    };
+    currentFile = '';
+    currentContract = '';
+    currentFunction = '';
+    currentFunctionNode = null;
+    findings = [];
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.currentFunction = '';
+        this.currentFunctionNode = null;
+        this.findings = [];
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContract = node?.name || '<anonymous>';
+    }
+    ContractDefinition_post(_node) {
+        this.currentContract = '';
+    }
+    ['ContractDefinition:exit'](node) {
+        this.ContractDefinition_post(node);
+    }
+    FunctionDefinition(node) {
+        this.currentFunctionNode = node;
+        this.currentFunction = node?.name || (node?.isConstructor ? '<constructor>' : '<anonymous>');
+    }
+    FunctionDefinition_post(_node) {
+        this.currentFunctionNode = null;
+        this.currentFunction = '';
+    }
+    ['FunctionDefinition:exit'](node) {
+        this.FunctionDefinition_post(node);
+    }
+    FunctionCall(node) {
+        if (!this.isCurrentBlockhashCall(node))
+            return;
+        this.addFinding(node);
+    }
+    isCurrentBlockhashCall(node) {
+        if (!(0, ast_1.isNode)(node, 'FunctionCall'))
+            return false;
+        if (!isBlockhashCallee(node.expression))
+            return false;
+        const args = node.arguments || [];
+        if (args.length !== 1)
+            return false;
+        return isBlockNumber(unwrapParentheses(args[0]));
+    }
+    addFinding(node) {
+        const loc = (0, ast_1.assertLoc)(node, this.currentFunctionNode);
+        const functionName = this.currentFunction || '<unknown>';
+        this.findings.push({
+            file: this.currentFile,
+            contract: this.currentContract,
+            'function': functionName,
+            line: loc.line,
+            endLine: loc.endLine,
+            column: loc.column,
+            endColumn: loc.endColumn,
+            pattern: RULE_ID,
+            confidence: 'high',
+            category: 'vulnerability',
+            classification: 'bad-randomness',
+            ruleId: RULE_ID,
+            severity: 'high',
+            message: '`blockhash(block.number)` always returns zero for the current block, so it must not be used as randomness.',
+            contractName: this.currentContract,
+            functionName,
+            sourceLocation: { line: loc.line, column: loc.column },
+            findingId: '',
+            contractHash: '',
+        });
+    }
+}
+exports.BadRandomnessZeroBlockhashDetector = BadRandomnessZeroBlockhashDetector;
+function unwrapParentheses(node) {
+    let current = node;
+    while ((0, ast_1.isNode)(current, 'TupleExpression') && current.components?.length === 1) {
+        current = current.components[0];
+    }
+    return current;
+}
+function isBlockNumber(node) {
+    return (0, ast_1.isNode)(node, 'MemberAccess') &&
+        node.memberName === 'number' &&
+        (0, ast_1.isNode)(node.expression, 'Identifier') &&
+        node.expression.name === 'block';
+}
+function isBlockhashCallee(expr) {
+    if ((0, ast_1.isNode)(expr, 'Identifier'))
+        return expr.name === 'blockhash';
+    return (0, ast_1.isNode)(expr, 'MemberAccess') &&
+        expr.memberName === 'blockhash' &&
+        (0, ast_1.isNode)(expr.expression, 'Identifier') &&
+        expr.expression.name === 'block';
+}
+//# sourceMappingURL=bad-randomness-zero-blockhash.js.map

package/dist/detectors/balancer-flash-loan-manipulation.d.ts

@@ -0,0 +1,33 @@
+import type { ScanResult } from '../index';
+export declare class BalancerFlashLoanManipulationDetector {
+    readonly id = "balancer-flash-loan-manipulation";
+    readonly patternKey = "balancer-flash-loan-manipulation";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "high";
+        help: string;
+    };
+    private currentFile;
+    private currentContract;
+    private currentFunction;
+    private currentFunctionNode;
+    private findings;
+    private order;
+    private hasFlashContext;
+    private poolMutations;
+    private distortions;
+    private spotConsumptions;
+    private emittedFunctions;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(_node: any): void;
+    FunctionCall(node: any): void;
+    private emitIfManipulationSequenceExists;
+    private resetFunctionState;
+}