@snovon/solast 0.2.0

package/dist/detectors/delegatecall-init-owner-mutator.js

@@ -0,0 +1,655 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DelegatecallInitOwnerMutatorDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'delegatecall-init';
+const OWNER_STORAGE_NAMES = /^(isOwner|owner|owners|ownerCount|admin|admins|authority|governance|governor)$/i;
+const OWNER_MUTATOR_NAMES = /^(init|add.*owner|owner.*add|set.*owner|change.*owner|transfer.*ownership)/i;
+const RECOGNIZED_GUARD_MODIFIERS = new Set([
+    'onlyowner',
+    'onlyrole',
+    'onlyadmin',
+    'onlyauthorized',
+    'onlyoperator',
+    'onlygovernance',
+    'onlygovernor',
+    'onlyguardian',
+    'onlymanager',
+    'initializer',
+    'reinitializer',
+    'onlyonce',
+    'whennotinitialized',
+]);
+class DelegatecallInitOwnerMutatorDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser', 'solc'];
+    scanAst(ast, file, sourceText, ctxArg) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        if (containsDelegatecall(ast))
+            return [];
+        const findings = [];
+        const lineOffsets = buildLineOffsets(sourceText);
+        // SemanticModel adoption (roadmap 3.3 — Slice 2b). When undefined,
+        // falls back to per-file behaviour.
+        const semantic = ctxArg?.semantic;
+        for (const contractNode of collectContracts(ast)) {
+            if (isInterfaceLike(contractNode))
+                continue;
+            const contractName = getName(contractNode) || '<anonymous>';
+            const ownerNames = collectOwnerStateNames(contractNode);
+            if (ownerNames.size === 0)
+                continue;
+            const functions = new Map();
+            for (const fn of getContractFunctions(contractNode)) {
+                const name = functionDisplayName(fn);
+                const body = getFunctionBody(fn);
+                functions.set(name, {
+                    node: fn,
+                    name,
+                    directMutation: !!body && bodyMutatesOwnerStorage(body, ownerNames),
+                    calls: body ? collectSameContractCalls(body) : new Set(),
+                });
+            }
+            const candidates = new Map();
+            for (const info of functions.values()) {
+                if (!isSuspiciousOwnerMutatorName(info.name))
+                    continue;
+                if (isConstructor(info.node))
+                    continue;
+                if (!isExternallyCallable(info.node))
+                    continue;
+                if (hasRecognizedGuardModifier(info.node))
+                    continue;
+                const body = getFunctionBody(info.node);
+                if (!body)
+                    continue;
+                if (containsCallerAuthorizationGuard(body))
+                    continue;
+                if (containsOneShotInitializationGuard(body))
+                    continue;
+                if (!mutatesOwnerStorageTransitively(info, functions, new Set()))
+                    continue;
+                candidates.set(info.name, info);
+            }
+            const calledByCandidate = new Set();
+            for (const candidate of candidates.values()) {
+                for (const calledName of candidate.calls) {
+                    if (candidates.has(calledName))
+                        calledByCandidate.add(calledName);
+                }
+            }
+            for (const info of candidates.values()) {
+                if (calledByCandidate.has(info.name))
+                    continue;
+                const loc = (0, ast_1.getLoc)(info.node, lineOffsets) || { line: 0, column: 0 };
+                findings.push({
+                    file,
+                    contract: contractName,
+                    'function': info.name,
+                    line: loc.line,
+                    endLine: loc.line,
+                    column: loc.column,
+                    pattern: RULE_ID,
+                    confidence: 'high',
+                    ruleId: RULE_ID,
+                    severity: 'critical',
+                    message: `Parity-style multisig owner-add vulnerability in '${contractName}.${info.name}': an externally reachable initializer or owner mutator can add privileged owners without access control or a one-shot initialization guard.`,
+                    rationale: 'Mirrors the July 2017 Parity multisig add-owner exploit shape: any caller can reach wallet initialization or owner-addition storage writes after deployment and become privileged.',
+                    suggestedFix: 'Move owner setup into the constructor, or guard post-deployment initialization/owner-addition with an initializer/onlyOwner-style check before mutating owner storage.',
+                    contractName,
+                    functionName: info.name,
+                    sourceLocation: { line: loc.line, column: loc.column },
+                    findingId: '',
+                    contractHash: '',
+                });
+            }
+            // === SemanticModel adoption (roadmap 3.3 / Slice 2b) ===
+            //
+            // Also flag inherited Parity-shaped owner mutators. We require:
+            //   - The inherited function name matches the suspicious-mutator
+            //     regex.
+            //   - The DECLARING contract's AST doesn't contain delegatecall
+            //     (matching the per-file early-return; a delegatecall-bearing
+            //     base is a different exploit class).
+            //   - The declarer has owner storage names and the inherited fn
+            //     transitively mutates them within the declarer's contract.
+            //   - The inherited fn has no recognized guard, no caller-auth
+            //     guard, no one-shot init guard.
+            // The current file's contract is the anchor (where the surface is
+            // reachable); the finding's line is the current contract's def line.
+            if (semantic) {
+                const myId = `${file}::${contractName}`;
+                const myInfo = semantic.contracts.get(myId);
+                if (myInfo && myInfo.bases.length > 0) {
+                    const localFnNames = new Set();
+                    for (const fn of functions.values())
+                        if (fn.name)
+                            localFnNames.add(fn.name);
+                    for (const inheritedFn of semantic.inheritedFunctions(myId)) {
+                        if (inheritedFn.contractId === myId)
+                            continue;
+                        const inheritedName = inheritedFn.name;
+                        if (!inheritedName)
+                            continue;
+                        if (localFnNames.has(inheritedName))
+                            continue;
+                        if (!isSuspiciousOwnerMutatorName(inheritedName))
+                            continue;
+                        const fnNode = inheritedFn.node;
+                        if (!fnNode)
+                            continue;
+                        if (isConstructor(fnNode))
+                            continue;
+                        if (!isExternallyCallable(fnNode))
+                            continue;
+                        if (hasRecognizedGuardModifier(fnNode))
+                            continue;
+                        const body = getFunctionBody(fnNode);
+                        if (!body)
+                            continue;
+                        if (containsCallerAuthorizationGuard(body))
+                            continue;
+                        if (containsOneShotInitializationGuard(body))
+                            continue;
+                        const declarer = semantic.contracts.get(inheritedFn.contractId);
+                        if (!declarer || !declarer.node)
+                            continue;
+                        // Preserve the per-file invariant: if the declarer's AST
+                        // contains delegatecall, treat it as the proxy-pattern carve-
+                        // out and skip.
+                        const declarerAst = semantic.sourceUnits.get(declarer.sourcePath)?.ast;
+                        if (declarerAst && containsDelegatecall(declarerAst))
+                            continue;
+                        const declarerOwnerNames = collectOwnerStateNames(declarer.node);
+                        if (declarerOwnerNames.size === 0)
+                            continue;
+                        const declarerFunctions = new Map();
+                        for (const fn of getContractFunctions(declarer.node)) {
+                            const name = functionDisplayName(fn);
+                            const fnBody = getFunctionBody(fn);
+                            declarerFunctions.set(name, {
+                                node: fn,
+                                name,
+                                directMutation: !!fnBody && bodyMutatesOwnerStorage(fnBody, declarerOwnerNames),
+                                calls: fnBody ? collectSameContractCalls(fnBody) : new Set(),
+                            });
+                        }
+                        const declarerCandidate = declarerFunctions.get(inheritedName);
+                        if (!declarerCandidate)
+                            continue;
+                        if (!mutatesOwnerStorageTransitively(declarerCandidate, declarerFunctions, new Set()))
+                            continue;
+                        const anchorLoc = (0, ast_1.getLoc)(contractNode, lineOffsets) || { line: 1, column: 0 };
+                        findings.push({
+                            file,
+                            contract: contractName,
+                            'function': inheritedName,
+                            line: anchorLoc.line,
+                            endLine: anchorLoc.line,
+                            column: anchorLoc.column,
+                            pattern: RULE_ID,
+                            confidence: 'high',
+                            ruleId: RULE_ID,
+                            severity: 'critical',
+                            message: `Parity-style multisig owner-add vulnerability inherited from ${declarer.name}: ` +
+                                `'${contractName}.${inheritedName}' is reachable via inheritance and can mutate owner storage without ` +
+                                `access control or a one-shot initialization guard.`,
+                            rationale: `Inherited owner mutator '${inheritedName}' is externally reachable through ${contractName}'s ` +
+                                `inheritance from ${declarer.name} and lacks a recognized owner/initializer guard.`,
+                            suggestedFix: `Override '${inheritedName}' in ${contractName} with an initializer or onlyOwner-style check, ` +
+                                `or restrict access in ${declarer.name}.`,
+                            contractName,
+                            functionName: inheritedName,
+                            sourceLocation: { line: anchorLoc.line, column: anchorLoc.column },
+                            instance_key: `${contractName}::${inheritedName}`,
+                            findingId: '',
+                            contractHash: '',
+                        });
+                    }
+                }
+            }
+        }
+        return findings;
+    }
+}
+exports.DelegatecallInitOwnerMutatorDetector = DelegatecallInitOwnerMutatorDetector;
+function containsDelegatecall(ast) {
+    return walkAny(ast, node => {
+        if (isNode(node, 'FunctionCall')) {
+            const callee = node.expression;
+            return isNode(callee, 'MemberAccess') && String(callee.memberName || '').toLowerCase() === 'delegatecall';
+        }
+        if (isNode(node, 'AssemblyCall')) {
+            return String(node.functionName || '').toLowerCase() === 'delegatecall';
+        }
+        return false;
+    });
+}
+function mutatesOwnerStorageTransitively(info, functions, seen) {
+    if (info.directMutation)
+        return true;
+    if (seen.has(info.name))
+        return false;
+    seen.add(info.name);
+    for (const calledName of info.calls) {
+        const called = functions.get(calledName);
+        if (called && mutatesOwnerStorageTransitively(called, functions, seen))
+            return true;
+    }
+    return false;
+}
+function collectOwnerStateNames(contractNode) {
+    const result = new Set();
+    for (const child of getContractMembers(contractNode)) {
+        if (isNode(child, 'StateVariableDeclaration')) {
+            for (const v of child.variables || []) {
+                if (v?.name && OWNER_STORAGE_NAMES.test(String(v.name)))
+                    result.add(String(v.name));
+            }
+        }
+        else if (isNode(child, 'VariableDeclaration') && child.stateVariable) {
+            if (child.name && OWNER_STORAGE_NAMES.test(String(child.name)))
+                result.add(String(child.name));
+        }
+    }
+    return result;
+}
+function bodyMutatesOwnerStorage(body, ownerNames) {
+    return walkAny(body, node => isOwnerAssignment(node, ownerNames) || isOwnerArrayPush(node, ownerNames));
+}
+function isOwnerAssignment(node, ownerNames) {
+    if (!node || typeof node !== 'object')
+        return false;
+    let left = null;
+    if (isNode(node, 'BinaryOperation')) {
+        const operator = String(node.operator || '');
+        if (!operator.includes('=') || ['==', '===', '!=', '!==', '<=', '>='].includes(operator))
+            return false;
+        left = node.left || node.leftExpression;
+    }
+    else if (isNode(node, 'Assignment')) {
+        if (!String(node.operator || '').includes('='))
+            return false;
+        left = node.leftHandSide;
+    }
+    else {
+        return false;
+    }
+    return expressionTargetsOwnerStorage(left, ownerNames);
+}
+function isOwnerArrayPush(node, ownerNames) {
+    if (!isNode(node, 'FunctionCall'))
+        return false;
+    const callee = node.expression;
+    if (!isNode(callee, 'MemberAccess'))
+        return false;
+    if (String(callee.memberName || '') !== 'push')
+        return false;
+    return expressionTargetsOwnerStorage(callee.expression, ownerNames);
+}
+function expressionTargetsOwnerStorage(expr, ownerNames) {
+    if (!expr || typeof expr !== 'object')
+        return false;
+    if (isNode(expr, 'Identifier'))
+        return ownerNames.has(String(expr.name || ''));
+    if (isNode(expr, 'IndexAccess')) {
+        return expressionTargetsOwnerStorage(expr.base || expr.baseExpression, ownerNames);
+    }
+    if (isNode(expr, 'MemberAccess')) {
+        if (ownerNames.has(String(expr.memberName || '')))
+            return true;
+        return expressionTargetsOwnerStorage(expr.expression, ownerNames);
+    }
+    if (isNode(expr, 'TupleExpression')) {
+        return (expr.components || []).some((component) => expressionTargetsOwnerStorage(component, ownerNames));
+    }
+    return false;
+}
+function collectSameContractCalls(body) {
+    const calls = new Set();
+    walkAny(body, node => {
+        if (!isNode(node, 'FunctionCall'))
+            return false;
+        const name = getCallName(node.expression);
+        if (name)
+            calls.add(name);
+        return false;
+    });
+    return calls;
+}
+function getCallName(expr) {
+    if (!expr || typeof expr !== 'object')
+        return '';
+    if (isNode(expr, 'Identifier'))
+        return String(expr.name || '');
+    if (isNode(expr, 'MemberAccess')) {
+        if (isNode(expr.expression, 'Identifier') && String(expr.expression.name || '') === 'this') {
+            return String(expr.memberName || '');
+        }
+    }
+    return '';
+}
+function containsCallerAuthorizationGuard(body) {
+    for (const stmt of getBlockStatements(body)) {
+        if (isRequireOrAssertWith(stmt, conditionGuardsCaller))
+            return true;
+        if (isNode(stmt, 'IfStatement') && conditionDeniesCaller(stmt.condition) && bodyUnconditionallyExits(stmt.trueBody))
+            return true;
+    }
+    return false;
+}
+function containsOneShotInitializationGuard(body) {
+    let hasInitializedRequire = false;
+    let setsInitialized = false;
+    walkAny(body, node => {
+        if (isRequireOrAssertCall(node) && conditionChecksInitialized(node.arguments?.[0]))
+            hasInitializedRequire = true;
+        if (isAssignmentToInitialized(node))
+            setsInitialized = true;
+        return hasInitializedRequire && setsInitialized;
+    });
+    return hasInitializedRequire && setsInitialized;
+}
+function isRequireOrAssertWith(stmt, predicate) {
+    if (!isNode(stmt, 'ExpressionStatement'))
+        return false;
+    const expr = stmt.expression;
+    if (!isRequireOrAssertCall(expr))
+        return false;
+    return predicate(expr.arguments?.[0]);
+}
+function isRequireOrAssertCall(expr) {
+    if (!isNode(expr, 'FunctionCall'))
+        return false;
+    const name = getCallName(expr.expression).toLowerCase();
+    return name === 'require' || name === 'assert';
+}
+function conditionChecksInitialized(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'UnaryOperation') && String(node.operator || '') === '!') {
+        return isInitializedIdentifier(node.subExpression);
+    }
+    if (isNode(node, 'BinaryOperation')) {
+        const op = String(node.operator || '');
+        const left = node.left || node.leftExpression;
+        const right = node.right || node.rightExpression;
+        if ((op === '==' || op === '===') && ((isInitializedIdentifier(left) && isFalseLiteral(right)) || (isInitializedIdentifier(right) && isFalseLiteral(left))))
+            return true;
+        if ((op === '!=' || op === '!==') && ((isInitializedIdentifier(left) && isTrueLiteral(right)) || (isInitializedIdentifier(right) && isTrueLiteral(left))))
+            return true;
+    }
+    for (const child of childrenOf(node)) {
+        if (conditionChecksInitialized(child))
+            return true;
+    }
+    return false;
+}
+function isAssignmentToInitialized(node) {
+    let left = null;
+    let right = null;
+    if (isNode(node, 'BinaryOperation')) {
+        if (String(node.operator || '') !== '=')
+            return false;
+        left = node.left || node.leftExpression;
+        right = node.right || node.rightExpression;
+    }
+    else if (isNode(node, 'Assignment')) {
+        if (String(node.operator || '') !== '=')
+            return false;
+        left = node.leftHandSide;
+        right = node.rightHandSide;
+    }
+    else {
+        return false;
+    }
+    return isInitializedIdentifier(left) && isTrueLiteral(right);
+}
+function isInitializedIdentifier(node) {
+    return isNode(node, 'Identifier') && /^(initialized|isInitialized)$/i.test(String(node.name || ''));
+}
+function isTrueLiteral(node) {
+    const value = node?.value ?? node?.hexValue;
+    return node?.kind === 'bool' && String(value) === 'true';
+}
+function isFalseLiteral(node) {
+    const value = node?.value ?? node?.hexValue;
+    return node?.kind === 'bool' && String(value) === 'false';
+}
+function conditionGuardsCaller(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isCallerEqualityCheck(node))
+        return true;
+    if (isOwnerMembershipCheck(node))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (conditionGuardsCaller(child))
+            return true;
+    }
+    return false;
+}
+function conditionDeniesCaller(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'UnaryOperation') && String(node.operator || '') === '!') {
+        return conditionGuardsCaller(node.subExpression);
+    }
+    if (isNode(node, 'BinaryOperation')) {
+        const op = String(node.operator || '');
+        const left = node.left || node.leftExpression;
+        const right = node.right || node.rightExpression;
+        if ((op === '!=' || op === '!==') && ((isMsgSender(left) && isAuthSubject(right)) || (isMsgSender(right) && isAuthSubject(left))))
+            return true;
+    }
+    return false;
+}
+function isCallerEqualityCheck(node) {
+    if (!isNode(node, 'BinaryOperation'))
+        return false;
+    const op = String(node.operator || '');
+    if (op !== '==' && op !== '===')
+        return false;
+    const left = node.left || node.leftExpression;
+    const right = node.right || node.rightExpression;
+    return (isMsgSender(left) && isAuthSubject(right)) || (isMsgSender(right) && isAuthSubject(left));
+}
+function isOwnerMembershipCheck(node) {
+    if (isNode(node, 'IndexAccess')) {
+        const base = node.base || node.baseExpression;
+        const index = node.index || node.indexExpression;
+        return isOwnerLikeIdentifier(base) && isMsgSender(index);
+    }
+    return false;
+}
+function isOwnerLikeIdentifier(node) {
+    return isNode(node, 'Identifier') && /^(isOwner|owners)$/i.test(String(node.name || ''));
+}
+function isAuthSubject(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isNode(node, 'Identifier'))
+        return /^(owner|admin|governance|governor|guardian|authority|operator|manager)$/i.test(String(node.name || ''));
+    if (isNode(node, 'MemberAccess'))
+        return /^(owner|admin|governance|governor|guardian|authority|operator|manager)$/i.test(String(node.memberName || ''));
+    return false;
+}
+function isMsgSender(node) {
+    return isNode(node, 'MemberAccess') &&
+        String(node.memberName || '') === 'sender' &&
+        isNode(node.expression, 'Identifier') &&
+        String(node.expression.name || '') === 'msg';
+}
+function bodyUnconditionallyExits(body) {
+    if (!body || typeof body !== 'object')
+        return false;
+    if (isNode(body, 'Block'))
+        return getBlockStatements(body).some(statementGuaranteesExit);
+    return statementGuaranteesExit(body);
+}
+function statementGuaranteesExit(stmt) {
+    if (!stmt || typeof stmt !== 'object')
+        return false;
+    if (isNode(stmt, 'ThrowStatement') || isNode(stmt, 'RevertStatement'))
+        return true;
+    if (isNode(stmt, 'ExpressionStatement') && isNode(stmt.expression, 'FunctionCall')) {
+        return getCallName(stmt.expression.expression).toLowerCase() === 'revert';
+    }
+    if (isNode(stmt, 'Block'))
+        return bodyUnconditionallyExits(stmt);
+    return false;
+}
+function isSuspiciousOwnerMutatorName(name) {
+    return OWNER_MUTATOR_NAMES.test(name);
+}
+function isInterfaceLike(contractNode) {
+    const kind = String(contractNode?.kind || contractNode?.contractKind || '').toLowerCase();
+    return kind === 'interface';
+}
+function isConstructor(fn) {
+    if (!fn)
+        return false;
+    if (fn.isConstructor === true)
+        return true;
+    return String(fn.kind || '').toLowerCase() === 'constructor';
+}
+function isExternallyCallable(fn) {
+    if (!fn || isConstructor(fn))
+        return false;
+    const kind = String(fn.kind || '').toLowerCase();
+    if (kind === 'fallback' || kind === 'receive' || fn.isFallback === true || fn.isReceiveEther === true)
+        return true;
+    const visibility = String(fn.visibility || '').toLowerCase();
+    return visibility === 'public' || visibility === 'external';
+}
+function hasRecognizedGuardModifier(fn) {
+    for (const modifier of fn.modifiers || []) {
+        const name = getModifierName(modifier).toLowerCase();
+        if (RECOGNIZED_GUARD_MODIFIERS.has(name))
+            return true;
+    }
+    return false;
+}
+function getModifierName(modifier) {
+    if (!modifier)
+        return '';
+    if (typeof modifier === 'string')
+        return modifier;
+    if (typeof modifier.name === 'string')
+        return modifier.name;
+    if (modifier.name && typeof modifier.name === 'object') {
+        if (typeof modifier.name.name === 'string')
+            return modifier.name.name;
+        if (typeof modifier.name.namePath === 'string')
+            return modifier.name.namePath;
+    }
+    if (modifier.modifierName) {
+        const inner = modifier.modifierName;
+        if (typeof inner === 'string')
+            return inner;
+        if (inner && typeof inner.name === 'string')
+            return inner.name;
+    }
+    return '';
+}
+function functionDisplayName(fn) {
+    if (fn.isFallback === true)
+        return '<fallback>';
+    if (fn.isReceiveEther === true)
+        return '<receive>';
+    const kind = String(fn.kind || '').toLowerCase();
+    if (kind === 'fallback')
+        return '<fallback>';
+    if (kind === 'receive')
+        return '<receive>';
+    const name = fn.name;
+    if (typeof name === 'string' && name.length > 0)
+        return name;
+    return '<anonymous>';
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function getFunctionBody(node) {
+    return node?.body || null;
+}
+function getContractFunctions(contractNode) {
+    return getContractMembers(contractNode).filter(child => isNode(child, 'FunctionDefinition'));
+}
+function getContractMembers(contractNode) {
+    if (!contractNode || typeof contractNode !== 'object')
+        return [];
+    if (Array.isArray(contractNode.subNodes))
+        return contractNode.subNodes;
+    if (Array.isArray(contractNode.nodes))
+        return contractNode.nodes;
+    return [];
+}
+function getBlockStatements(body) {
+    if (!body || typeof body !== 'object')
+        return [];
+    return Array.isArray(body.statements) ? body.statements : [];
+}
+function collectContracts(ast) {
+    const out = [];
+    walkContracts(ast, node => out.push(node));
+    return out;
+}
+function walkContracts(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (isNode(node, 'ContractDefinition')) {
+        visit(node);
+        return;
+    }
+    for (const child of childrenOf(node))
+        walkContracts(child, visit);
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+function walkAny(node, predicate) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (predicate(node))
+        return true;
+    for (const child of childrenOf(node)) {
+        if (walkAny(child, predicate))
+            return true;
+    }
+    return false;
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id' || key === 'typeName')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+function buildLineOffsets(sourceText) {
+    if (sourceText === undefined)
+        return undefined;
+    const lineOffsets = [0];
+    let byteOffset = 0;
+    for (const char of sourceText) {
+        byteOffset += Buffer.byteLength(char, 'utf8');
+        if (char === '\n')
+            lineOffsets.push(byteOffset);
+    }
+    return lineOffsets;
+}
+//# sourceMappingURL=delegatecall-init-owner-mutator.js.map

package/dist/detectors/delegatecall-init.d.ts

@@ -0,0 +1,7 @@
+import type { ScanResult } from '../index';
+export declare class DelegatecallInitDetector {
+    readonly id = "delegatecall-init";
+    readonly patternKey = "delegatecall-init";
+    readonly supportedAstKinds: ("parser" | "solc")[];
+    scanAst(ast: any, file: string, sourceText?: string): ScanResult[];
+}