blueprint-tsa 1.0.0

package/dist/cli.d.ts

@@ -0,0 +1,13 @@
+import yargs from "yargs";
+import { Args, UIProvider } from "@ton/blueprint";
+export interface CommandContext {
+    ui: UIProvider;
+    args: Args;
+}
+export interface CommandHandler {
+    (context: CommandContext, parsedArgs: yargs.ArgumentsCamelCase): Promise<void>;
+}
+/**
+ * Main CLI router - parses subcommands and delegates to handlers
+ */
+export declare const createCLI: (context: CommandContext) => yargs.Argv<{}>;

package/dist/cli.js

@@ -0,0 +1,54 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCLI = void 0;
+const yargs_1 = __importDefault(require("yargs"));
+const drain_check_js_1 = require("./commands/drain-check.js");
+const clean_js_1 = require("./commands/clean.js");
+const owner_hijack_check_js_1 = require("./commands/owner-hijack-check.js");
+const reproduce_js_1 = require("./commands/reproduce.js");
+const replay_attack_check_js_1 = require("./commands/replay-attack-check.js");
+const opcode_info_js_1 = require("./commands/opcode-info.js");
+const audit_js_1 = require("./commands/audit.js");
+const bounce_check_js_1 = require("./commands/bounce-check.js");
+/**
+ * Main CLI router - parses subcommands and delegates to handlers
+ */
+const createCLI = (context) => {
+    const { args, ui } = context;
+    const argv = args._.slice(1);
+    const drainCheckConfig = (0, drain_check_js_1.configureDrainCheckCommand)(context);
+    const replayAttackCheckConfig = (0, replay_attack_check_js_1.configureReplayAttackCheckCommand)(context);
+    const cleanConfig = (0, clean_js_1.configureCleanCommand)();
+    const reproduceCommand = (0, reproduce_js_1.configureReproduceCommand)(context);
+    const ownerHijackConfig = (0, owner_hijack_check_js_1.configureOwnerHijackCommand)(context);
+    const opcodeInfoConfig = (0, opcode_info_js_1.configureOpcodeInfoCommand)(context);
+    const auditConfig = (0, audit_js_1.configureAuditCommand)(context);
+    const bounceCheckConfig = (0, bounce_check_js_1.configureBounceCheckCommand)(context);
+    return (0, yargs_1.default)(argv)
+        .scriptName("tsa")
+        .command(drainCheckConfig.command, drainCheckConfig.description, drainCheckConfig.builder, drainCheckConfig.handler)
+        .command(replayAttackCheckConfig.command, replayAttackCheckConfig.description, replayAttackCheckConfig.builder, replayAttackCheckConfig.handler)
+        .command(cleanConfig.command, cleanConfig.description, cleanConfig.builder, cleanConfig.handler)
+        .command(ownerHijackConfig.command, ownerHijackConfig.description, ownerHijackConfig.builder, ownerHijackConfig.handler)
+        .command(reproduceCommand.command, reproduceCommand.description, reproduceCommand.builder, reproduceCommand.handler)
+        .command(opcodeInfoConfig.command, opcodeInfoConfig.description, opcodeInfoConfig.builder, opcodeInfoConfig.handler)
+        .command(auditConfig.command, auditConfig.description, auditConfig.builder, auditConfig.handler)
+        .command(bounceCheckConfig.command, bounceCheckConfig.description, bounceCheckConfig.builder, bounceCheckConfig.handler)
+        .demandCommand(1, "Please specify a subcommand")
+        .help()
+        .alias("help", "h")
+        .strict()
+        .fail(async (msg, err, yargs) => {
+        if (err) {
+            throw err;
+        }
+        ui.write(`\nError: ${msg}`);
+        ui.write("");
+        yargs.showHelp((s) => ui.write(s));
+        process.exit(1);
+    });
+};
+exports.createCLI = createCLI;

package/dist/commands/audit.d.ts

@@ -0,0 +1,19 @@
+import { Argv } from "yargs";
+import yargs from "yargs";
+import { CommandContext } from "../cli.js";
+export declare const configureAuditCommand: (context: CommandContext) => {
+    command: string;
+    description: string;
+    builder: (yargs: Argv) => Argv<{
+        contract: string;
+    } & {
+        timeout: number | undefined;
+    } & {
+        "owner-method": string | undefined;
+    } & {
+        "disable-opcode-extraction": boolean | undefined;
+    } & {
+        verbose: boolean | undefined;
+    }>;
+    handler: (argv: yargs.ArgumentsCamelCase) => Promise<void>;
+};

package/dist/commands/audit.js

@@ -0,0 +1,296 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureAuditCommand = void 0;
+const fs_1 = require("fs");
+const path_1 = __importDefault(require("path"));
+const constants_js_1 = require("../common/constants.js");
+const build_utils_js_1 = require("../common/build-utils.js");
+const paths_js_1 = require("../common/paths.js");
+const format_utils_js_1 = require("../common/format-utils.js");
+const opcode_extractor_js_1 = require("../common/opcode-extractor.js");
+const core_1 = require("@ton/core");
+const utils_js_1 = require("../reproduce/utils.js");
+const drain_check_js_1 = require("./drain-check.js");
+const replay_attack_check_js_1 = require("./replay-attack-check.js");
+const owner_hijack_check_js_1 = require("./owner-hijack-check.js");
+const bounce_check_js_1 = require("./bounce-check.js");
+const opcode_info_js_1 = require("./opcode-info.js");
+const ONE_MINUTE_SECONDS = 60;
+function getCheckCommand(checkName, contractName, timeout, ownerMethod) {
+    let commandId;
+    if (checkName === constants_js_1.DRAIN_CHECK_NAME) {
+        commandId = constants_js_1.DRAIN_CHECK_ID;
+    }
+    else if (checkName === constants_js_1.REPLAY_ATTACK_CHECK_NAME) {
+        commandId = constants_js_1.REPLAY_ATTACK_CHECK_ID;
+    }
+    else if (checkName === constants_js_1.OWNER_HIJACK_CHECK_NAME) {
+        commandId = constants_js_1.OWNER_HIJACK_CHECK_ID;
+    }
+    else if (checkName === constants_js_1.BOUNCE_CHECK_NAME) {
+        commandId = constants_js_1.BOUNCE_CHECK_ID;
+    }
+    if (!commandId) {
+        throw new Error(`Unknown check: ${checkName}`);
+    }
+    let command = `yarn blueprint tsa ${commandId} -c ${contractName}`;
+    if (timeout !== null) {
+        command += ` -t ${timeout}`;
+    }
+    if (ownerMethod !== undefined && checkName === constants_js_1.OWNER_HIJACK_CHECK_NAME) {
+        command += ` -m ${ownerMethod}`;
+    }
+    return command;
+}
+function getCheckDescriptionUrl(checkName) {
+    if (checkName === constants_js_1.DRAIN_CHECK_NAME) {
+        return constants_js_1.DRAIN_DESCRIPTION_URL;
+    }
+    else if (checkName === constants_js_1.REPLAY_ATTACK_CHECK_NAME) {
+        return constants_js_1.REPLAY_DESCRIPTION_URL;
+    }
+    else if (checkName === constants_js_1.OWNER_HIJACK_CHECK_NAME) {
+        return constants_js_1.OWNER_HIJACK_DESCRIPTION_URL;
+    }
+    else if (checkName === constants_js_1.BOUNCE_CHECK_NAME) {
+        return constants_js_1.BOUNCE_DESCRIPTION_URL;
+    }
+    return undefined;
+}
+function buildCheckResult(checkName, analyzer, passedMessage, failedMessage, contractName, timeout, ownerMethod) {
+    const vulnerability = analyzer.vulnerabilityIsPresent();
+    const result = {
+        name: checkName,
+        passed: !vulnerability,
+        message: vulnerability ? failedMessage : passedMessage,
+        checkCommand: getCheckCommand(checkName, contractName, timeout, ownerMethod),
+    };
+    if (vulnerability) {
+        const vulnDesc = analyzer.getVulnerability();
+        if (vulnDesc) {
+            result.vulnerabilityPath = (0, paths_js_1.getInputsPath)(analyzer.id, vulnDesc.executionIndex);
+            result.analyzerId = analyzer.id;
+        }
+        result.descriptionUrl = getCheckDescriptionUrl(checkName);
+    }
+    return result;
+}
+async function runOpcodeInfoCheck(contractName, contractPath, ui, timeout, opcodes, verbose) {
+    // Calculate timeout per opcode
+    let opcodeTimeout = null;
+    if (timeout !== null && opcodes.length > 0) {
+        opcodeTimeout = Math.floor(timeout / opcodes.length);
+        ui.write("");
+        ui.write(`Opcode authorization check: using timeout of ${opcodeTimeout} seconds per opcode (${timeout} / ${opcodes.length})`);
+    }
+    const results = [];
+    for (const opcode of opcodes) {
+        const info = await (0, opcode_info_js_1.runOpcodeAuthorizationCheckAnalysis)(opcode, contractName, contractPath, ui, opcodeTimeout, `Authorization check for ${(0, format_utils_js_1.formatOpcodeHex)(opcode)} completed.`, verbose);
+        if (info !== null) {
+            results.push(info);
+        }
+    }
+    return results;
+}
+async function runDrainCheck(contractName, contractPath, ui, timeout, opcodes, verbose) {
+    const analyzer = await (0, drain_check_js_1.runDrainCheckAnalysis)(contractName, contractPath, ui, timeout, opcodes, verbose, `${constants_js_1.DRAIN_CHECK_NAME} completed.`);
+    return buildCheckResult(constants_js_1.DRAIN_CHECK_NAME, analyzer, "No drain vulnerabilities detected", "Vulnerability found - contract may be vulnerable to drain attacks", contractName, timeout);
+}
+async function runReplayAttackCheck(contractName, contractPath, ui, timeout, verbose) {
+    const analyzer = await (0, replay_attack_check_js_1.runReplayAttackCheckAnalysis)(contractName, contractPath, ui, timeout, verbose, `${constants_js_1.REPLAY_ATTACK_CHECK_NAME} completed.`);
+    return buildCheckResult(constants_js_1.REPLAY_ATTACK_CHECK_NAME, analyzer, "No replay attack vulnerabilities detected", "Vulnerability found - contract may be vulnerable to replay attacks", contractName, timeout);
+}
+async function runOwnerHijackCheck(contractName, contractPath, ui, timeout, methodName, opcodes, verbose) {
+    const methodId = BigInt((0, core_1.getMethodId)(methodName));
+    const analyzer = await (0, owner_hijack_check_js_1.runOwnerHijackCheckAnalysis)(contractName, contractPath, ui, timeout, methodId, opcodes, verbose, `${constants_js_1.OWNER_HIJACK_CHECK_NAME} completed.`);
+    return buildCheckResult(constants_js_1.OWNER_HIJACK_CHECK_NAME, analyzer, "No owner hijack vulnerabilities detected", "Vulnerability found - contract owner may be hijackable", contractName, timeout, methodName);
+}
+async function runBounceCheck(contractName, contractPath, ui, timeout, opcodes, verbose) {
+    const analyzer = await (0, bounce_check_js_1.runBounceCheckAnalysis)(contractName, contractPath, ui, timeout, opcodes, verbose, `${constants_js_1.BOUNCE_CHECK_NAME} completed.`);
+    return buildCheckResult(constants_js_1.BOUNCE_CHECK_NAME, analyzer, "No bounce message handling vulnerabilities detected", "Vulnerability found - contract may not handle bounced messages correctly", contractName, timeout);
+}
+function buildAuditReport(summary) {
+    const lines = [];
+    lines.push("");
+    lines.push("═".repeat(60));
+    lines.push(`  AUDIT SUMMARY: ${summary.contract}`);
+    lines.push("═".repeat(60));
+    lines.push("");
+    // Add opcode information
+    if (summary.opcodeInfo.length > 0) {
+        const opcodeInfoFormatted = (0, opcode_info_js_1.formatOpcodeInfo)(summary.opcodeInfo);
+        lines.push(opcodeInfoFormatted);
+    }
+    // Add check results
+    lines.push("Security Checks:");
+    lines.push("");
+    let allPassed = true;
+    for (const check of summary.checks) {
+        const status = check.passed ? constants_js_1.Sym.OK : constants_js_1.Sym.ERR;
+        lines.push(`  ${status} ${check.name}: ${check.message}`);
+        if (check.vulnerabilityPath) {
+            const relativePath = path_1.default.relative(process.cwd(), check.vulnerabilityPath);
+            lines.push(`     Path to reproducing input: ${relativePath}`);
+        }
+        if (check.descriptionUrl) {
+            lines.push(`     Description: ${check.descriptionUrl}`);
+        }
+        lines.push("");
+        if (!check.passed) {
+            allPassed = false;
+        }
+    }
+    lines.push("─".repeat(60));
+    if (allPassed) {
+        lines.push(`  ${constants_js_1.Sym.OK} All checks passed!`);
+    }
+    else {
+        lines.push(`  ${constants_js_1.Sym.WARN} Some checks failed - review the results above`);
+    }
+    lines.push("─".repeat(60));
+    lines.push("");
+    let report = lines.join("\n");
+    // Add vulnerability instructions for checks with vulnerabilities
+    const vulnerabilityInstructions = [];
+    for (const check of summary.checks) {
+        if (check.analyzerId) {
+            const instructions = (0, utils_js_1.getReproductionInstructions)(check.analyzerId);
+            vulnerabilityInstructions.push("─".repeat(60));
+            vulnerabilityInstructions.push(`  ${check.name}`);
+            vulnerabilityInstructions.push("─".repeat(60));
+            vulnerabilityInstructions.push("To run only this check, use:");
+            vulnerabilityInstructions.push(`> ${check.checkCommand}`);
+            vulnerabilityInstructions.push("");
+            if (instructions) {
+                vulnerabilityInstructions.push(instructions);
+                vulnerabilityInstructions.push("");
+            }
+        }
+    }
+    report += "\n";
+    if (vulnerabilityInstructions.length > 0) {
+        report += vulnerabilityInstructions.join("\n");
+    }
+    return report;
+}
+function printAuditSummary(summary, ui) {
+    const report = buildAuditReport(summary);
+    ui.write(report);
+}
+function saveAuditReport(summary, ui) {
+    const report = buildAuditReport(summary);
+    const reportsDir = (0, paths_js_1.findTSAReportsDirectory)();
+    const reportId = (0, format_utils_js_1.generateReportId)();
+    const fileName = `audit-${summary.contract}-${reportId}.txt`;
+    const filePath = path_1.default.join(reportsDir, fileName);
+    (0, fs_1.writeFileSync)(filePath, report);
+    ui.write("");
+    ui.write(`${constants_js_1.Sym.OK} Report saved to: ${filePath}`);
+    return filePath;
+}
+const auditHandler = async (context, args) => {
+    const { ui } = context;
+    const { timeout, contract, ownerMethod, disableOpcodeExtraction, verbose } = args;
+    await (0, build_utils_js_1.buildContracts)(ui);
+    const contractPath = (0, paths_js_1.findCompiledContract)(contract);
+    if (!(0, fs_1.existsSync)(contractPath)) {
+        ui.write(`\n${constants_js_1.Sym.ERR} Contract ${contract} not found`);
+        process.exit(1);
+    }
+    // Extract opcodes if not disabled
+    let opcodes = [];
+    if (!disableOpcodeExtraction) {
+        opcodes = await (0, opcode_extractor_js_1.extractOpcodes)({
+            ui,
+            codePath: contractPath,
+            contractName: contract,
+        });
+    }
+    // Calculate timeout if not provided
+    // Timeout is per analyzer run (except for opcode-info where it's divided by number of opcodes)
+    let effectiveTimeout = timeout ?? null;
+    if (effectiveTimeout === null && opcodes.length > 0) {
+        effectiveTimeout = ONE_MINUTE_SECONDS * (opcodes.length + 1);
+        ui.write("");
+        ui.write(`Timeout was calculated automatically: ${effectiveTimeout} seconds per analyzer run (based on ${opcodes.length} opcodes)`);
+    }
+    const summary = {
+        contract: contract,
+        checks: [],
+        opcodeInfo: [],
+    };
+    // Run opcode-info check
+    ui.write("");
+    ui.write(`${constants_js_1.Sym.WAIT} Running opcode authorization analysis...`);
+    summary.opcodeInfo = await runOpcodeInfoCheck(contract, contractPath, ui, effectiveTimeout, opcodes, verbose);
+    // Run drain-check
+    ui.write("");
+    ui.write(`${constants_js_1.Sym.WAIT} Running drain check...`);
+    const drainResult = await runDrainCheck(contract, contractPath, ui, effectiveTimeout, opcodes, verbose);
+    summary.checks.push(drainResult);
+    // Run replay-attack-check
+    ui.write("");
+    ui.write(`${constants_js_1.Sym.WAIT} Running replay attack check...`);
+    const replayResult = await runReplayAttackCheck(contract, contractPath, ui, effectiveTimeout, verbose);
+    summary.checks.push(replayResult);
+    // Run bounce-check
+    ui.write("");
+    ui.write(`${constants_js_1.Sym.WAIT} Running bounce check...`);
+    const bounceResult = await runBounceCheck(contract, contractPath, ui, effectiveTimeout, opcodes, verbose);
+    summary.checks.push(bounceResult);
+    // Run owner-hijack-check if owner method is provided
+    if (ownerMethod) {
+        ui.write("");
+        ui.write(`${constants_js_1.Sym.WAIT} Running owner hijack check...`);
+        const ownerResult = await runOwnerHijackCheck(contract, contractPath, ui, effectiveTimeout, ownerMethod, opcodes, verbose);
+        summary.checks.push(ownerResult);
+    }
+    else {
+        ui.write("");
+        ui.write(`${constants_js_1.Sym.WARN} Owner-method was not specified - owner hijack check is skipped`);
+    }
+    // Print summary
+    printAuditSummary(summary, ui);
+    // Save report to file
+    saveAuditReport(summary, ui);
+    (0, utils_js_1.printCleanupInstructions)(ui);
+};
+const configureAuditCommand = (context) => {
+    return {
+        command: constants_js_1.AUDIT_ID,
+        description: "Run all available security checks and print a summary",
+        builder: (yargs) => yargs
+            .option("contract", {
+            alias: "c",
+            type: "string",
+            description: "Contract name",
+            demandOption: true,
+        })
+            .option("timeout", {
+            alias: "t",
+            type: "number",
+            description: "Analysis timeout in seconds per analyzer run (for opcode-info, divided by number of opcodes)",
+        })
+            .option("owner-method", {
+            alias: "m",
+            type: "string",
+            description: "The method name of get_owner getter (optional, enables owner hijack check)",
+        })
+            .option("disable-opcode-extraction", {
+            type: "boolean",
+            description: "Disable opcode extraction. This affects path selection strategy and default timeout.",
+        })
+            .option("verbose", {
+            alias: "v",
+            type: "boolean",
+            description: "Use debug output in TSA log",
+        }),
+        handler: async (argv) => {
+            await auditHandler(context, argv);
+        },
+    };
+};
+exports.configureAuditCommand = configureAuditCommand;

package/dist/commands/bounce-check.d.ts

@@ -0,0 +1,15 @@
+import { UIProvider } from "@ton/blueprint";
+import { CommandContext } from "../cli.js";
+import { AnalyzerWrapper } from "../common/analyzer-wrapper.js";
+export declare const configureBounceCheckCommand: (context: CommandContext) => any;
+/**
+ * Runs bounce check analysis and returns the analyzer wrapper
+ * @param contractName - Name of the contract
+ * @param contractPath - Path to the compiled contract
+ * @param ui - UI provider
+ * @param timeout - Analysis timeout in seconds
+ * @param opcodes - List of opcodes to analyze
+ * @param verbose - Enable verbose output
+ * @returns AnalyzerWrapper instance
+ */
+export declare const runBounceCheckAnalysis: (contractName: string, contractPath: string, ui: UIProvider, timeout: number | null, opcodes: number[], verbose?: boolean, completionMessage?: string) => Promise<AnalyzerWrapper>;

package/dist/commands/bounce-check.js

@@ -0,0 +1,152 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runBounceCheckAnalysis = exports.configureBounceCheckCommand = void 0;
+const fs_1 = require("fs");
+const core_1 = require("@ton/core");
+const analyzer_wrapper_js_1 = require("../common/analyzer-wrapper.js");
+const constants_js_1 = require("../common/constants.js");
+const build_utils_js_1 = require("../common/build-utils.js");
+const file_utils_js_1 = require("../common/file-utils.js");
+const utils_js_1 = require("../reproduce/utils.js");
+const paths_js_1 = require("../common/paths.js");
+const opcode_extractor_js_1 = require("../common/opcode-extractor.js");
+const os_1 = require("os");
+const path_1 = __importDefault(require("path"));
+const ONE_MINUTE_SECONDS = 60;
+const configureBounceCheckCommand = (context) => {
+    return {
+        command: constants_js_1.BOUNCE_CHECK_ID,
+        description: "Check if contract processes bounced messages correctly",
+        builder: (yargs) => yargs
+            .option("timeout", {
+            alias: "t",
+            type: "number",
+            description: "Analysis timeout in seconds",
+        })
+            .option("contract", {
+            alias: "c",
+            type: "string",
+            description: "Contract name",
+            demandOption: true,
+        })
+            .option("verbose", {
+            alias: "v",
+            type: "boolean",
+            description: "Use debug output in TSA log",
+        })
+            .option("disable-opcode-extraction", {
+            type: "boolean",
+            description: "Disable opcode extraction. This affects path selection strategy and default timeout.",
+        }),
+        handler: async (argv) => {
+            await bounceCheckCommand(context, argv);
+        },
+    };
+};
+exports.configureBounceCheckCommand = configureBounceCheckCommand;
+/**
+ * Runs bounce check analysis and returns the analyzer wrapper
+ * @param contractName - Name of the contract
+ * @param contractPath - Path to the compiled contract
+ * @param ui - UI provider
+ * @param timeout - Analysis timeout in seconds
+ * @param opcodes - List of opcodes to analyze
+ * @param verbose - Enable verbose output
+ * @returns AnalyzerWrapper instance
+ */
+const runBounceCheckAnalysis = async (contractName, contractPath, ui, timeout, opcodes, verbose = false, completionMessage = "Analysis complete.") => {
+    const checkerPath = (0, paths_js_1.getCheckerPath)(constants_js_1.BOUNCE_CHECK_FILENAME);
+    const schemePath = (0, paths_js_1.getCheckerPath)(constants_js_1.BOUNCE_CHECK_SCHEME_FILENAME);
+    const throwerFuncPath = (0, paths_js_1.getThrowerPath)();
+    // Compile thrower FunC to BoC
+    const throwerBocBase64 = await (0, build_utils_js_1.compileFuncFileToBase64Boc)(throwerFuncPath, constants_js_1.THROWER_FILENAME);
+    // Write compiled BoC to temporary file and run analysis
+    const tempThrowerBocPath = path_1.default.join((0, os_1.tmpdir)(), `thrower-${Date.now()}.boc`);
+    return (0, file_utils_js_1.doWithTemporaryFile)(async (tempPath) => {
+        (0, fs_1.writeFileSync)(tempPath, Buffer.from(throwerBocBase64, "base64"));
+        const properties = [
+            { key: "Contract", value: contractName },
+            { key: "Mode", value: constants_js_1.BOUNCE_CHECK_NAME },
+            {
+                key: "Options",
+                separator: true,
+                children: [
+                    {
+                        key: "Timeout",
+                        value: timeout !== null ? `${timeout} seconds` : "not set",
+                    },
+                ],
+            },
+        ];
+        const checkerCell = (0, core_1.beginCell)().endCell();
+        const analyzer = new analyzer_wrapper_js_1.AnalyzerWrapper({
+            ui,
+            checkerPath,
+            checkerCell,
+            properties,
+            codePath: contractPath,
+        });
+        const reportDir = (0, paths_js_1.getReportDirectory)(analyzer.id);
+        const sarifPath = (0, paths_js_1.getSarifReportPath)(analyzer.id);
+        await analyzer.run(constants_js_1.BOUNCE_CHECK_FILENAME, (wrapper) => [
+            "custom-checker-compiled",
+            "--checker",
+            wrapper.getTempBocPath(),
+            "--contract",
+            contractPath,
+            "--contract",
+            tempPath,
+            "--stop-when-exit-codes-found",
+            constants_js_1.ERROR_EXIT_CODE.toString(),
+            "--checker-data",
+            wrapper.getTempCheckerCellPath(),
+            "--output",
+            sarifPath,
+            ...(timeout != null ? ["--timeout", timeout.toString()] : []),
+            "--exported-inputs",
+            reportDir,
+            ...(verbose ? ["-v"] : []),
+            "--scheme",
+            schemePath,
+            "--continue-on-contract-exception",
+            ...opcodes.flatMap((opcode) => ["--opcode", opcode.toString()]),
+        ], completionMessage);
+        return analyzer;
+    }, tempThrowerBocPath);
+};
+exports.runBounceCheckAnalysis = runBounceCheckAnalysis;
+const bounceCheckCommand = async (context, parsedArgs) => {
+    const { ui } = context;
+    await (0, build_utils_js_1.buildContracts)(ui);
+    if (!parsedArgs.contract) {
+        throw new Error("Contract name or path is required");
+    }
+    const contract = parsedArgs.contract;
+    const contractPath = (0, paths_js_1.findCompiledContract)(contract);
+    if (!(0, fs_1.existsSync)(contractPath)) {
+        ui.write(`\n${constants_js_1.Sym.ERR} Contract ${contract} not found`);
+        process.exit(1);
+    }
+    let opcodes = [];
+    if (!parsedArgs["disable-opcode-extraction"]) {
+        opcodes = await (0, opcode_extractor_js_1.extractOpcodes)({
+            ui,
+            codePath: contractPath,
+            contractName: contract,
+        });
+    }
+    let timeout = parsedArgs.timeout ?? null;
+    // If timeout wasn't provided, set it to 1 minute * (number_of_opcodes + 1)
+    if (timeout === null && opcodes.length > 0) {
+        timeout = ONE_MINUTE_SECONDS * (opcodes.length + 1);
+        ui.write("");
+        ui.write("The timeout was calculated automatically based on the number of opcodes.");
+    }
+    const analyzer = await (0, exports.runBounceCheckAnalysis)(contract, contractPath, ui, timeout, opcodes, parsedArgs.verbose);
+    const vulnerability = analyzer.getVulnerability();
+    analyzer.reportVulnerability(vulnerability, constants_js_1.BOUNCE_DESCRIPTION_URL);
+    (0, utils_js_1.printCleanupInstructions)(ui);
+};

package/dist/commands/clean.d.ts

@@ -0,0 +1 @@
+export declare const configureCleanCommand: () => any;

package/dist/commands/clean.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureCleanCommand = void 0;
+const fs_1 = require("fs");
+const paths_js_1 = require("../common/paths.js");
+const configureCleanCommand = () => {
+    return {
+        command: "clean",
+        description: "Clean directory with reports",
+        builder: (yargs) => yargs,
+        handler: async (_argv) => {
+            await cleanCommand();
+        },
+    };
+};
+exports.configureCleanCommand = configureCleanCommand;
+const cleanCommand = async () => {
+    const reportsDir = (0, paths_js_1.findTSAReportsDirectory)();
+    (0, fs_1.rmSync)(reportsDir, { recursive: true, force: true });
+};

package/dist/commands/drain-check.d.ts

@@ -0,0 +1,32 @@
+import yargs, { Argv } from "yargs";
+import { UIProvider } from "@ton/blueprint";
+import { CommandContext } from "../cli.js";
+import { ReproduceParameters } from "../reproduce/network.js";
+import { ConcreteAnalysisConfig } from "../reproduce/concrete-analysis.js";
+import { AnalyzerWrapper } from "../common/analyzer-wrapper.js";
+export declare const configureDrainCheckCommand: (context: CommandContext) => {
+    command: string;
+    description: string;
+    builder: (yargs: Argv) => yargs.Argv<{
+        timeout: number | undefined;
+    } & {
+        contract: string;
+    } & {
+        verbose: boolean | undefined;
+    } & {
+        "disable-opcode-extraction": boolean | undefined;
+    }>;
+    handler: (argv: yargs.ArgumentsCamelCase) => Promise<void>;
+};
+/**
+ * Runs drain check analysis and returns the analyzer wrapper
+ * @param contractName - Name of the contract
+ * @param contractPath - Path to the compiled contract
+ * @param ui - UI provider
+ * @param timeout - Analysis timeout in seconds
+ * @param opcodes - List of opcodes to analyze
+ * @param verbose - Enable verbose output
+ * @returns AnalyzerWrapper instance
+ */
+export declare const runDrainCheckAnalysis: (contractName: string, contractPath: string, ui: UIProvider, timeout: number | null, opcodes: number[], verbose?: boolean, completionMessage?: string) => Promise<AnalyzerWrapper>;
+export declare const drainCheckConcrete: (config: ConcreteAnalysisConfig, completionMessage?: string) => Promise<ReproduceParameters | null>;