@snovon/solast 0.2.0

package/dist/detectors/borrow-behalf-consent.js

@@ -0,0 +1,400 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BorrowBehalfConsentDetector = void 0;
+const RULE_ID = 'borrow-behalf-consent';
+const BORROW_BEHALF_NAMES = new Set(['borrowbehalf', 'borrowonbehalf']);
+const ACCESS_CONTROL_MODIFIERS = new Set([
+    'onlyowner',
+    'onlyrole',
+    'onlyadmin',
+    'onlyauthorized',
+    'onlyoperator',
+    'onlygovernance',
+    'onlygovernor',
+    'onlyguardian',
+    'onlymanager',
+]);
+class BorrowBehalfConsentDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    scanAst(ast, file, sourceText) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        for (const contractNode of collectContracts(ast)) {
+            if (isInterfaceLike(contractNode))
+                continue;
+            const functions = getContractFunctions(contractNode);
+            if (!functions.some(isNormalBorrowEntrypoint))
+                continue;
+            const contractName = getName(contractNode) || '<anonymous>';
+            for (const fn of functions) {
+                if (!isBorrowBehalfEntrypoint(fn))
+                    continue;
+                if (hasRecognizedAccessControlModifier(fn))
+                    continue;
+                const behalfParam = getFunctionParameters(fn).find(isAddressParameter);
+                if (!behalfParam?.name)
+                    continue;
+                const body = getFunctionBody(fn);
+                if (!body || containsConsentGuard(body, String(behalfParam.name)))
+                    continue;
+                const fnName = functionDisplayName(fn);
+                const loc = getLoc(fn, lineOffsets) || { line: 0, column: 0 };
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': fnName,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'error',
+                    message: `Missing borrow-on-behalf consent validation in '${contractName}.${fnName}': the permissionless on-behalf borrow entry point does not check caller allowance from the borrower.`,
+                    rationale: 'Matches the Venus THE borrowBehalf donation-attack pattern: a normal borrow() path coexists with a permissionless borrowBehalf-style function, but the delegated path does not validate borrowAllowance[borrower][msg.sender] or an equivalent consent gate.',
+                    suggestedFix: 'Require caller consent from the on-behalf-of address before borrowing, for example `require(borrowAllowance[user][msg.sender] >= amount)` or a self-only `require(user == msg.sender)` guard.',
+                    contractName,
+                    functionName: fnName,
+                    sourceLocation: loc,
+                    findingId: '',
+                    contractHash: '',
+                    source: 'x-20260315-venus-the',
+                });
+            }
+        }
+        return findings;
+    }
+}
+exports.BorrowBehalfConsentDetector = BorrowBehalfConsentDetector;
+function isNormalBorrowEntrypoint(fn) {
+    if (!isExternallyCallable(fn))
+        return false;
+    if (getName(fn).toLowerCase() !== 'borrow')
+        return false;
+    return !getFunctionParameters(fn).some(isAddressParameter);
+}
+function isBorrowBehalfEntrypoint(fn) {
+    if (!isExternallyCallable(fn))
+        return false;
+    return BORROW_BEHALF_NAMES.has(getName(fn).toLowerCase());
+}
+function containsConsentGuard(body, behalfParamName) {
+    for (const stmt of getBlockStatements(body)) {
+        if (isNode(stmt, 'ExpressionStatement')) {
+            const expr = stmt.expression;
+            if (isNode(expr, 'FunctionCall') && isRequireOrAssert(expr)) {
+                const condition = getCallArguments(expr)[0];
+                if (conditionAllowsConsent(condition, behalfParamName))
+                    return true;
+            }
+        }
+        if (isNode(stmt, 'IfStatement')) {
+            const condition = stmt.condition;
+            const trueBody = stmt.trueBody || stmt.body;
+            if (conditionDeniesMissingAllowance(condition, behalfParamName) && bodyUnconditionallyExits(trueBody)) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+function conditionAllowsConsent(node, behalfParamName) {
+    return walkAny(node, child => isSelfConsentCheck(child, behalfParamName) ||
+        isPositiveAllowanceCheck(child, behalfParamName));
+}
+function conditionDeniesMissingAllowance(node, behalfParamName) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'UnaryOperation') && String(node.operator || '') === '!') {
+        return conditionAllowsConsent(node.subExpression, behalfParamName);
+    }
+    return walkAny(node, child => isLowAllowanceCheck(child, behalfParamName));
+}
+function isSelfConsentCheck(node, behalfParamName) {
+    if (!isNode(node, 'BinaryOperation') && !isNode(node, 'Assignment'))
+        return false;
+    const op = getOperator(node);
+    if (op !== '==' && op !== '===')
+        return false;
+    const left = getLeft(node);
+    const right = getRight(node);
+    return (isIdentifierNamed(left, behalfParamName) && isMsgSender(right)) ||
+        (isIdentifierNamed(right, behalfParamName) && isMsgSender(left));
+}
+function isPositiveAllowanceCheck(node, behalfParamName) {
+    if (!isNode(node, 'BinaryOperation') && !isNode(node, 'Assignment'))
+        return false;
+    const op = getOperator(node);
+    const left = getLeft(node);
+    const right = getRight(node);
+    if (isCorrectAllowanceAccess(left, behalfParamName))
+        return op === '>' || op === '>=';
+    if (isCorrectAllowanceAccess(right, behalfParamName))
+        return op === '<' || op === '<=';
+    return false;
+}
+function isLowAllowanceCheck(node, behalfParamName) {
+    if (!isNode(node, 'BinaryOperation') && !isNode(node, 'Assignment'))
+        return false;
+    const op = getOperator(node);
+    const left = getLeft(node);
+    const right = getRight(node);
+    if (isCorrectAllowanceAccess(left, behalfParamName))
+        return op === '<' || op === '<=';
+    if (isCorrectAllowanceAccess(right, behalfParamName))
+        return op === '>' || op === '>=';
+    return false;
+}
+function isCorrectAllowanceAccess(node, behalfParamName) {
+    if (!isNode(node, 'IndexAccess'))
+        return false;
+    const outerBase = node.base ?? node.baseExpression;
+    const outerIndex = node.index ?? node.indexExpression;
+    if (!isMsgSender(outerIndex))
+        return false;
+    if (!isNode(outerBase, 'IndexAccess'))
+        return false;
+    const innerBase = outerBase.base ?? outerBase.baseExpression;
+    const innerIndex = outerBase.index ?? outerBase.indexExpression;
+    return isIdentifierNamed(innerIndex, behalfParamName) && /allowance/i.test(rootName(innerBase));
+}
+function isRequireOrAssert(call) {
+    const name = getCalleeName(call).toLowerCase();
+    return name === 'require' || name === 'assert';
+}
+function bodyUnconditionallyExits(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    if (isNode(body, 'Block')) {
+        return getBlockStatements(body).some(statementGuaranteesExit);
+    }
+    return statementGuaranteesExit(body);
+}
+function statementGuaranteesExit(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if (isNode(stmt, 'ThrowStatement') || isNode(stmt, 'RevertStatement'))
+        return true;
+    if (isNode(stmt, 'ExpressionStatement')) {
+        const expr = stmt.expression;
+        return isNode(expr, 'FunctionCall') && getCalleeName(expr).toLowerCase() === 'revert';
+    }
+    if (isNode(stmt, 'Block'))
+        return bodyUnconditionallyExits(stmt);
+    return false;
+}
+function hasRecognizedAccessControlModifier(fn) {
+    for (const modifier of fn.modifiers || []) {
+        if (ACCESS_CONTROL_MODIFIERS.has(getModifierName(modifier).toLowerCase()))
+            return true;
+    }
+    return false;
+}
+function isAddressParameter(param) {
+    const typeName = param?.typeName;
+    const typeString = String(param?.typeDescriptions?.typeString || param?.type || '');
+    if (/\baddress\b/.test(typeString))
+        return true;
+    if (typeof typeName === 'string')
+        return typeName === 'address';
+    if (typeName?.name === 'address')
+        return true;
+    if (typeName?.type === 'ElementaryTypeName' && typeName?.name === 'address')
+        return true;
+    if (typeName?.nodeType === 'ElementaryTypeName' && typeName?.name === 'address')
+        return true;
+    return false;
+}
+function isInterfaceLike(contractNode) {
+    const kind = String(contractNode?.kind || contractNode?.contractKind || '').toLowerCase();
+    return kind === 'interface' || kind === 'library';
+}
+function isConstructor(fn) {
+    if (!fn)
+        return false;
+    if (fn.isConstructor === true)
+        return true;
+    return String(fn.kind || '').toLowerCase() === 'constructor';
+}
+function isExternallyCallable(fn) {
+    if (!fn || isConstructor(fn))
+        return false;
+    const visibility = String(fn.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external';
+}
+function getFunctionParameters(fn) {
+    const params = fn?.parameters;
+    if (Array.isArray(params))
+        return params;
+    if (Array.isArray(params?.parameters))
+        return params.parameters;
+    return [];
+}
+function getFunctionBody(node) {
+    return node?.body || null;
+}
+function getBlockStatements(body) {
+    if (!body || typeof body !== 'object')
+        return [];
+    if (Array.isArray(body.statements))
+        return body.statements;
+    return [];
+}
+function getContractFunctions(contractNode) {
+    return getContractMembers(contractNode).filter(child => isNode(child, 'FunctionDefinition'));
+}
+function getContractMembers(contractNode) {
+    if (!contractNode || typeof contractNode !== 'object')
+        return [];
+    if (Array.isArray(contractNode.subNodes))
+        return contractNode.subNodes;
+    if (Array.isArray(contractNode.nodes))
+        return contractNode.nodes;
+    return [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walkContracts(ast, node => out.push(node));
+    return out;
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition')) {
+        visit(node);
+        return;
+    }
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function walkAny(node, predicate) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (predicate(node))
+        return true;
+    return childrenOf(node).some(child => walkAny(child, predicate));
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function isIdentifierNamed(node, name) {
+    return isNode(node, 'Identifier') && String(node.name || '') === name;
+}
+function isMsgSender(node) {
+    return isNode(node, 'MemberAccess') &&
+        String(node.memberName || '') === 'sender' &&
+        isNode(node.expression, 'Identifier') &&
+        String(node.expression.name || '') === 'msg';
+}
+function rootName(node) {
+    if (!node || typeof node !== 'object')
+        return '';
+    if (isNode(node, 'Identifier'))
+        return String(node.name || '');
+    if (isNode(node, 'MemberAccess'))
+        return rootName(node.expression);
+    if (isNode(node, 'IndexAccess'))
+        return rootName(node.base ?? node.baseExpression);
+    return '';
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function functionDisplayName(fn) {
+    return getName(fn) || '<anonymous>';
+}
+function getCallArguments(node) {
+    return Array.isArray(node?.arguments) ? node.arguments : [];
+}
+function getCalleeName(node) {
+    const expr = node?.expression;
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess'))
+        return String(expr.memberName || '');
+    return '';
+}
+function getModifierName(modifier) {
+    if (!modifier)
+        return '';
+    if (typeof modifier === 'string')
+        return modifier;
+    if (typeof modifier.name === 'string')
+        return modifier.name;
+    if (modifier.name && typeof modifier.name === 'object') {
+        if (typeof modifier.name.name === 'string')
+            return modifier.name.name;
+        if (typeof modifier.name.namePath === 'string')
+            return modifier.name.namePath;
+    }
+    if (modifier.modifierName) {
+        const inner = modifier.modifierName;
+        if (typeof inner === 'string')
+            return inner;
+        if (typeof inner.name === 'string')
+            return inner.name;
+    }
+    return '';
+}
+function getOperator(node) {
+    return String(node?.operator || '');
+}
+function getLeft(node) {
+    return node?.left ?? node?.leftExpression ?? node?.leftHandSide;
+}
+function getRight(node) {
+    return node?.right ?? node?.rightExpression ?? node?.rightHandSide;
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const lineOffsets = [0];
+    let byteOffset = 0;
+    for (const char of sourceText) {
+        byteOffset += Buffer.byteLength(char, 'utf8');
+        if (char === '\n')
+            lineOffsets.push(byteOffset);
+    }
+    return lineOffsets;
+}
+function getLoc(node, lineOffsets) {
+    if (node?.loc?.start)
+        return node.loc.start;
+    if (!node?.src || !lineOffsets)
+        return undefined;
+    const offset = Number(String(node.src).split(':')[0]);
+    if (!Number.isFinite(offset) || offset < 0)
+        return undefined;
+    let lineIndex = 0;
+    for (let i = 0; i < lineOffsets.length; i++) {
+        if (lineOffsets[i] <= offset)
+            lineIndex = i;
+        else
+            break;
+    }
+    return { line: lineIndex + 1, column: offset - lineOffsets[lineIndex] };
+}
+//# sourceMappingURL=borrow-behalf-consent.js.map

package/dist/detectors/break-continue-scope.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class BreakContinueScopeDetector {
+    readonly id = "break-continue-scope";
+    readonly patternKey = "break-continue-scope";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string): ScanResult[];
+}

package/dist/detectors/break-continue-scope.js

@@ -0,0 +1,194 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BreakContinueScopeDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'break-continue-scope';
+// Solidity 0.8.28 tightened scope resolution for `break` / `continue` inside
+// nested `for` / `while` / `do-while` loops. A `break` or `continue` whose
+// nearest enclosing loop is itself nested inside another loop is the only
+// shape sensitive to that change — outermost-loop break/continue resolves
+// identically in both pre- and post-0.8.28 versions. The detector is gated
+// on the pragma's lower bound: only files that may compile against
+// pre-0.8.28 produce findings.
+class BreakContinueScopeDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        if (!pragmaPredates0_8_28(ast))
+            return [];
+        const findings = [];
+        for (const child of ast.children || []) {
+            if (child?.type !== 'ContractDefinition')
+                continue;
+            const contractName = String(child.name || '<anonymous>');
+            for (const sub of child.subNodes || []) {
+                if (sub?.type !== 'FunctionDefinition')
+                    continue;
+                if (!sub.body)
+                    continue;
+                const fnName = sub.name || (sub.isConstructor ? '<constructor>' : '<anonymous>');
+                walkForBreakContinue(sub.body, 0, (kind, node) => {
+                    findings.push(makeFinding(file, contractName, fnName, kind, node));
+                });
+            }
+        }
+        return findings;
+    }
+}
+exports.BreakContinueScopeDetector = BreakContinueScopeDetector;
+const LOOP_TYPES = new Set(['ForStatement', 'WhileStatement', 'DoWhileStatement']);
+function walkForBreakContinue(node, loopDepth, emit) {
+    if (!node || typeof node !== 'object')
+        return;
+    // Inline assembly has its own break/continue grammar with its own scope
+    // rules — not affected by the Solidity statement-level change. Skip it.
+    if (node.type === 'InlineAssemblyStatement' || node.type === 'AssemblyBlock')
+        return;
+    if (node.type === 'BreakStatement' || node.type === 'ContinueStatement') {
+        if (loopDepth >= 2) {
+            emit(node.type === 'BreakStatement' ? 'break' : 'continue', node);
+        }
+        return;
+    }
+    const enteringLoop = LOOP_TYPES.has(node.type) ? 1 : 0;
+    for (const child of childrenOf(node)) {
+        walkForBreakContinue(child, loopDepth + enteringLoop, emit);
+    }
+}
+function childrenOf(node) {
+    const out = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'range' || key === 'typeName')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    out.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function pragmaPredates0_8_28(ast) {
+    let saw = false;
+    for (const child of ast.children || []) {
+        if (child?.type !== 'PragmaDirective')
+            continue;
+        if (child.name !== 'solidity')
+            continue;
+        saw = true;
+        if (branchPermitsPre0_8_28(String(child.value || '')))
+            return true;
+    }
+    // Files without an explicit solidity pragma may compile against any
+    // version, including pre-0.8.28; treat them as in scope.
+    return !saw;
+}
+function branchPermitsPre0_8_28(value) {
+    if (!value)
+        return true;
+    const branches = value.split('||').map(s => s.trim()).filter(Boolean);
+    if (branches.length === 0)
+        return true;
+    // If any alternative in the pragma allows a compiler below 0.8.28, the
+    // file is in scope — that alternative could be selected at build time.
+    return branches.some(branchAllowsBelow0_8_28);
+}
+function branchAllowsBelow0_8_28(branch) {
+    const tokens = branch.split(/\s+/).filter(Boolean);
+    let lowerMinor = -1;
+    let lowerPatch = -1;
+    let upperMinor = Number.POSITIVE_INFINITY;
+    let upperPatch = Number.POSITIVE_INFINITY;
+    for (const token of tokens) {
+        const m = token.match(/^([\^~]|>=|>|<=|<|=)?\s*0\.(\d+)(?:\.(\d+))?/);
+        if (!m)
+            continue;
+        const op = m[1] || '=';
+        const minor = parseInt(m[2], 10);
+        const patch = m[3] ? parseInt(m[3], 10) : 0;
+        if (op === '<' || op === '<=') {
+            if (minor < upperMinor || (minor === upperMinor && patch < upperPatch)) {
+                upperMinor = minor;
+                upperPatch = patch;
+            }
+            continue;
+        }
+        if (op === '^') {
+            // ^0.X.Y allows >=0.X.Y and <0.(X+1).0
+            if (lowerMinor < 0 || minor > lowerMinor || (minor === lowerMinor && patch > lowerPatch)) {
+                lowerMinor = minor;
+                lowerPatch = patch;
+            }
+            if (minor + 1 < upperMinor) {
+                upperMinor = minor + 1;
+                upperPatch = 0;
+            }
+            continue;
+        }
+        if (op === '~') {
+            // ~0.X.Y allows >=0.X.Y and <0.(X+1).0 (consistent with how solc reads it)
+            if (lowerMinor < 0 || minor > lowerMinor || (minor === lowerMinor && patch > lowerPatch)) {
+                lowerMinor = minor;
+                lowerPatch = patch;
+            }
+            if (minor + 1 < upperMinor) {
+                upperMinor = minor + 1;
+                upperPatch = 0;
+            }
+            continue;
+        }
+        // =, >=, > — treat as a lower bound contributor.
+        if (lowerMinor < 0 || minor > lowerMinor || (minor === lowerMinor && patch > lowerPatch)) {
+            lowerMinor = minor;
+            lowerPatch = patch;
+        }
+    }
+    // No bounds → treat as in scope (unconstrained).
+    if (lowerMinor < 0 && !isFinite(upperMinor))
+        return true;
+    // Lower bound at or above 0.8.28 → the new semantics already apply.
+    if (lowerMinor === 8 && lowerPatch >= 28)
+        return false;
+    if (lowerMinor > 8)
+        return false;
+    // Upper bound at or below 0.8.28 → at least one selectable compiler
+    // predates the change.
+    if (upperMinor === 8 && upperPatch <= 28)
+        return true;
+    if (upperMinor < 8)
+        return true;
+    // Otherwise the range straddles 0.8.28 — at least one selectable
+    // version predates the change, so flag conservatively.
+    return true;
+}
+function makeFinding(file, contractName, functionName, kind, node) {
+    const { line, column } = (0, ast_1.assertLoc)(node);
+    const loc = { line, column };
+    return {
+        file,
+        contract: contractName,
+        'function': functionName,
+        line: loc.line,
+        column: loc.column,
+        pattern: RULE_ID,
+        confidence: 'medium',
+        ruleId: RULE_ID,
+        severity: 'medium',
+        message: `'${kind}' inside a nested loop in '${contractName}.${functionName}' is sensitive to the Solidity 0.8.28 break/continue scope change; verify the resolved target loop matches the intent.`,
+        contractName,
+        functionName,
+        sourceLocation: { line: loc.line, column: loc.column },
+        rationale: 'Solidity 0.8.28 tightened scope resolution for break/continue in nested loops; statements written against an older compiler may silently redirect control flow when rebuilt with a newer toolchain.',
+        suggestedFix: 'Restructure the nested loop so the intended target is unambiguous (e.g. extract the inner loop into a helper that returns early), or pin the pragma to >=0.8.28.',
+        findingId: '',
+        contractHash: '',
+    };
+}
+//# sourceMappingURL=break-continue-scope.js.map

package/dist/detectors/bridge-accounting-bypass.d.ts

@@ -0,0 +1,65 @@
+import type { ScanResult } from '../index';
+export declare class BridgeAccountingBypassDetector {
+    readonly id = "bridge-accounting-bypass";
+    readonly patternKey = "bridge-accounting-bypass";
+    readonly supportedAstKinds: "parser"[];
+    private currentFile;
+    private findings;
+    private contractStack;
+    private currentFunction;
+    private branchByBody;
+    private branchStack;
+    private nextBranchId;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+    FunctionDefinition_post(node: any): void;
+    ['FunctionDefinition:exit'](node: any): void;
+    IfStatement(node: any): void;
+    IfStatement_post(node: any): void;
+    ['IfStatement:exit'](node: any): void;
+    Block(node: any): void;
+    Block_post(node: any): void;
+    ['Block:exit'](node: any): void;
+    ExpressionStatement(node: any): void;
+    ['ExpressionStatement:exit'](node: any): void;
+    VariableDeclarationStatement(node: any): void;
+    ['VariableDeclarationStatement:exit'](node: any): void;
+    ReturnStatement(node: any): void;
+    ['ReturnStatement:exit'](node: any): void;
+    EmitStatement(node: any): void;
+    ['EmitStatement:exit'](node: any): void;
+    RevertStatement(node: any): void;
+    ['RevertStatement:exit'](node: any): void;
+    ForStatement(node: any): void;
+    ['ForStatement:exit'](node: any): void;
+    WhileStatement(node: any): void;
+    ['WhileStatement:exit'](node: any): void;
+    DoWhileStatement(node: any): void;
+    ['DoWhileStatement:exit'](node: any): void;
+    UncheckedStatement(node: any): void;
+    ['UncheckedStatement:exit'](node: any): void;
+    /**
+     * Called when the walker enters a node that is registered as a branch
+     * arm body (any statement type — `Block` or an unbraced single
+     * statement). Resets the live path to the branch's entry snapshot so the
+     * arm is analysed in isolation from its sibling arm. No-op for nodes that
+     * are not arm bodies.
+     */
+    private enterBranchBody;
+    /**
+     * Called when the walker exits a branch arm body. Snapshots the live path
+     * into the branch's `trueEnd`/`falseEnd` so `IfStatement_post` can merge
+     * the arms, then restores the live path to the branch entry snapshot
+     * (the next arm starts fresh). No-op for nodes that are not arm bodies.
+     */
+    private exitBranchBody;
+    BinaryOperation(node: any): void;
+    FunctionCall(node: any): void;
+    private recordEntitlementCheck;
+    private hasBridgeAccountingContext;
+    private currentContract;
+}