blueprint-tsa 1.0.0

package/dist/commands/owner-hijack-check.js

@@ -0,0 +1,290 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ownerHijackCheckConcrete = exports.runOwnerHijackCheckAnalysis = exports.configureOwnerHijackCommand = void 0;
+const fs_1 = require("fs");
+const core_1 = require("@ton/core");
+const analyzer_wrapper_js_1 = require("../common/analyzer-wrapper.js");
+const build_config_js_1 = require("../reproduce/build-config.js");
+const constants_js_1 = require("../common/constants.js");
+const build_utils_js_1 = require("../common/build-utils.js");
+const utils_js_1 = require("../reproduce/utils.js");
+const paths_js_1 = require("../common/paths.js");
+const opcode_extractor_js_1 = require("../common/opcode-extractor.js");
+const ONE_MINUTE_SECONDS = 60;
+const configureOwnerHijackCommand = (context) => ({
+    command: constants_js_1.OWNER_HIJACK_CHECK_ID,
+    description: "Analyze contract for the possibility of owner hijack",
+    builder: (yargs) => yargs
+        .option("timeout", {
+        alias: "t",
+        type: "number",
+        description: "Analysis timeout in seconds",
+    })
+        .option("contract", {
+        alias: "c",
+        type: "string",
+        description: "Contract name",
+        demandOption: true,
+    })
+        .option("method-name", {
+        alias: "m",
+        type: "string",
+        description: "The method name of get_owner getter",
+        demandOption: true,
+    })
+        .option("verbose", {
+        alias: "v",
+        type: "boolean",
+        description: "Use debug output in TSA log",
+    })
+        .option("disable-opcode-extraction", {
+        type: "boolean",
+        description: "Disable opcode extraction. This affects path selection strategy and default timeout.",
+    }),
+    handler: async (argv) => await ownerHijackCommand(context, argv),
+});
+exports.configureOwnerHijackCommand = configureOwnerHijackCommand;
+const extractOptions = (ui, parsedArgs) => {
+    const contract = parsedArgs.contract;
+    if (typeof contract !== "string") {
+        throw new Error("Contract name or path is required");
+    }
+    const timeout = parsedArgs.timeout ?? null;
+    const methodid = (0, core_1.getMethodId)(parsedArgs.methodName);
+    if (!Number.isInteger(methodid)) {
+        throw new Error("MethodId is not an integer");
+    }
+    const methodId = BigInt(methodid);
+    const options = {
+        contract,
+        timeout,
+        methodId,
+    };
+    const properties = [
+        { key: "Contract", value: options.contract },
+        { key: "Mode", value: "TON owner hijack" },
+        {
+            key: "Options",
+            separator: true,
+            children: [
+                {
+                    key: "Timeout",
+                    value: options.timeout !== null ? `${options.timeout} seconds` : "not set",
+                },
+                { key: "Method id", value: options.methodId.toString() },
+            ],
+        },
+    ];
+    return { options, properties };
+};
+/**
+ * Runs owner hijack check analysis and returns the analyzer wrapper
+ * @param contractName - Name of the contract
+ * @param contractPath - Path to the compiled contract
+ * @param ui - UI provider
+ * @param timeout - Analysis timeout in seconds
+ * @param methodId - Method ID of the owner getter
+ * @param opcodes - List of opcodes to analyze
+ * @param verbose - Enable verbose output
+ * @returns AnalyzerWrapper instance
+ */
+const runOwnerHijackCheckAnalysis = async (contractName, contractPath, ui, timeout, methodId, opcodes, verbose = false, completionMessage = "Analysis complete.") => {
+    const properties = [
+        { key: "Contract", value: contractName },
+        { key: "Mode", value: "TON owner hijack" },
+        {
+            key: "Options",
+            separator: true,
+            children: [
+                {
+                    key: "Timeout",
+                    value: timeout !== null ? `${timeout} seconds` : "not set",
+                },
+                { key: "Method id", value: methodId.toString() },
+            ],
+        },
+    ];
+    const checkerPath = (0, paths_js_1.getCheckerPath)(constants_js_1.OWNER_HIJACK_CHECK_SYMBOLIC_FILENAME);
+    const checkerCell = (0, core_1.beginCell)().storeUint(methodId, 32).endCell();
+    const analyzer = new analyzer_wrapper_js_1.AnalyzerWrapper({
+        ui,
+        checkerPath,
+        checkerCell,
+        properties,
+        codePath: contractPath,
+    });
+    const reportDir = (0, paths_js_1.getReportDirectory)(analyzer.id);
+    const sarifPath = (0, paths_js_1.getSarifReportPath)(analyzer.id);
+    await analyzer.run(constants_js_1.OWNER_HIJACK_CHECK_SYMBOLIC_FILENAME, (wrapper) => [
+        "custom-checker-compiled",
+        "--checker",
+        wrapper.getTempBocPath(),
+        "--contract",
+        contractPath,
+        "--stop-when-exit-codes-found",
+        constants_js_1.ERROR_EXIT_CODE.toString(),
+        "--checker-data",
+        wrapper.getTempCheckerCellPath(),
+        "--output",
+        sarifPath,
+        "--exported-inputs",
+        reportDir,
+        ...(verbose ? ["-v"] : []),
+        ...opcodes.flatMap((opcode) => ["--opcode", opcode.toString()]),
+        "--disable-out-message-analysis",
+        ...(timeout != null ? ["--timeout", timeout.toString()] : []),
+    ], completionMessage);
+    // Write reproduction config if vulnerability is found
+    const vulnerability = analyzer.getVulnerability();
+    if (vulnerability) {
+        (0, build_config_js_1.writeReproduceConfig)(vulnerability, constants_js_1.OWNER_HIJACK_CHECK_ID, timeout, analyzer.id, {
+            kind: "owner-hijack-check",
+            methodId: methodId.toString(),
+        });
+    }
+    return analyzer;
+};
+exports.runOwnerHijackCheckAnalysis = runOwnerHijackCheckAnalysis;
+const ownerHijackCommand = async (context, parsedArgs) => {
+    const { ui } = context;
+    await (0, build_utils_js_1.buildContracts)(ui);
+    const { options, properties } = extractOptions(ui, parsedArgs);
+    const contractPath = (0, paths_js_1.findCompiledContract)(options.contract);
+    if (!(0, fs_1.existsSync)(contractPath)) {
+        ui.write(`\n${constants_js_1.Sym.ERR} Contract ${options.contract} not found`);
+        process.exit(1);
+    }
+    let opcodes = [];
+    if (!parsedArgs["disable-opcode-extraction"]) {
+        opcodes = await (0, opcode_extractor_js_1.extractOpcodes)({
+            ui,
+            codePath: contractPath,
+            contractName: options.contract,
+        });
+    }
+    // If timeout wasn't provided, set it to 1 minute * (number_of_opcodes + 1)
+    if (options.timeout === null && opcodes.length > 0) {
+        options.timeout = ONE_MINUTE_SECONDS * (opcodes.length + 1);
+        ui.write("");
+        ui.write("The timeout was calculated automatically based on the number of opcodes.");
+    }
+    // Update properties to reflect the calculated timeout
+    const timeoutProperty = properties[2].children?.find((p) => p.key === "Timeout");
+    if (timeoutProperty) {
+        timeoutProperty.value =
+            options.timeout !== null ? `${options.timeout} seconds` : "not set";
+    }
+    const analyzer = await (0, exports.runOwnerHijackCheckAnalysis)(options.contract, contractPath, ui, options.timeout, options.methodId, opcodes, parsedArgs.verbose);
+    const vulnerability = analyzer.getVulnerability();
+    analyzer.reportVulnerability(vulnerability, constants_js_1.OWNER_HIJACK_DESCRIPTION_URL);
+    (0, utils_js_1.printCleanupInstructions)(ui);
+    if (vulnerability != null) {
+        (0, utils_js_1.printReproductionInstructions)(ui, analyzer.id);
+        process.exit(2);
+    }
+};
+const readNanotons = async (request, ui) => {
+    while (true) {
+        const userInput = await ui.input(request);
+        try {
+            return (0, core_1.toNano)(userInput);
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        }
+        catch (e) {
+            ui.write(`Your input (${userInput}) was of not correct nanoton format. Please try again.`);
+        }
+    }
+};
+const ownerHijackCheckConcrete = async (config, concreteCheckerOptions, completionMessage = "Analysis complete.") => {
+    const { ui } = config;
+    if (!(0, fs_1.existsSync)(config.codePath)) {
+        ui.write(`\n${constants_js_1.Sym.ERR} Code at ${config.codePath} not found`);
+        process.exit(1);
+    }
+    const timeout = config.timeout;
+    const properties = [
+        { key: "Contract", value: config.contractAddress.toRawString() },
+        { key: "Mode", value: "TON owner hijack reproduction" },
+        {
+            key: "Options",
+            separator: true,
+            children: [
+                {
+                    key: "Timeout",
+                    value: timeout !== null ? `${timeout} seconds` : "not set",
+                },
+                {
+                    key: "Method id",
+                    value: timeout !== null ? `${timeout} seconds` : "not set",
+                },
+                { key: "Sender", value: config.senderAddress.toRawString() },
+            ],
+        },
+    ];
+    const maxTons = await readNanotons("Enter maximum amount of TONs for reproduction message:", ui);
+    const checkerPath = (0, paths_js_1.getCheckerPath)(constants_js_1.OWNER_HIJACK_CHECK_CONCRETE_FILENAME);
+    const getMethodId = () => {
+        const stringedMethodId = concreteCheckerOptions.methodId;
+        try {
+            return BigInt(stringedMethodId);
+            // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        }
+        catch (error) {
+            throw new Error(`Invalid BigInt string format (${stringedMethodId}) stored as methodId`);
+        }
+    };
+    const methodId = getMethodId();
+    console.log(`methodId=${methodId} maxTons=${maxTons} address=${config.senderAddress.toRawString()}`);
+    const checkerCell = (0, core_1.beginCell)()
+        .storeInt(methodId, 32)
+        .storeAddress(config.senderAddress)
+        .storeCoins(maxTons)
+        .endCell();
+    const analyzer = new analyzer_wrapper_js_1.AnalyzerWrapper({
+        ui,
+        checkerPath,
+        checkerCell,
+        properties,
+        codePath: config.codePath,
+    });
+    await analyzer.run(constants_js_1.OWNER_HIJACK_CHECK_CONCRETE_FILENAME, (wrapper) => [
+        "custom-checker-compiled",
+        "--checker",
+        wrapper.getTempBocPath(),
+        "--contract",
+        config.codePath,
+        "--data",
+        config.dataPath,
+        "--balance",
+        config.balance.toString(),
+        "--address",
+        config.contractAddress.toRawString(),
+        "--stop-when-exit-codes-found",
+        constants_js_1.ERROR_EXIT_CODE.toString(),
+        "--checker-data",
+        wrapper.getTempCheckerCellPath(),
+        "--output",
+        (0, paths_js_1.getSarifReportPath)(wrapper.id),
+        "--disable-out-message-analysis",
+        "--exported-inputs",
+        (0, paths_js_1.getReportDirectory)(wrapper.id),
+        ...(config.timeout != null
+            ? ["--timeout", config.timeout.toString()]
+            : []),
+        "-v",
+    ], completionMessage);
+    const vulnerability = analyzer.getVulnerability();
+    if (vulnerability == null) {
+        ui.write(`${constants_js_1.Sym.WARN} Vulnerability couldn't be reproduced with concrete data.`);
+        return null;
+    }
+    if (vulnerability.value == null) {
+        throw new Error("Unexpected external message");
+    }
+    return {
+        address: config.contractAddress,
+        msgBody: vulnerability.msgBody,
+        suggestedValue: vulnerability.value,
+    };
+};
+exports.ownerHijackCheckConcrete = ownerHijackCheckConcrete;

package/dist/commands/replay-attack-check.d.ts

@@ -0,0 +1,20 @@
+import { UIProvider } from "@ton/blueprint";
+import { CommandContext } from "../cli.js";
+import { AnalyzerWrapper } from "../common/analyzer-wrapper.js";
+export declare const configureReplayAttackCheckCommand: (context: CommandContext) => any;
+interface SeqnoData {
+    getterName: string;
+    upperBound: number;
+}
+/**
+ * Runs replay attack check analysis and returns the analyzer wrapper
+ * @param contractName - Name of the contract
+ * @param contractPath - Path to the compiled contract
+ * @param ui - UI provider
+ * @param timeout - Analysis timeout in seconds
+ * @param verbose - Enable verbose output
+ * @param seqnoData - Add the seqno constraints on the checker
+ * @returns AnalyzerWrapper instance
+ */
+export declare const runReplayAttackCheckAnalysis: (contractName: string, contractPath: string, ui: UIProvider, timeout: number | null, verbose?: boolean, completionMessage?: string, seqnoData?: SeqnoData | null) => Promise<AnalyzerWrapper>;
+export {};

package/dist/commands/replay-attack-check.js

@@ -0,0 +1,149 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runReplayAttackCheckAnalysis = exports.configureReplayAttackCheckCommand = void 0;
+const fs_1 = require("fs");
+const core_1 = require("@ton/core");
+const analyzer_wrapper_js_1 = require("../common/analyzer-wrapper.js");
+const constants_js_1 = require("../common/constants.js");
+const build_utils_js_1 = require("../common/build-utils.js");
+const utils_js_1 = require("../reproduce/utils.js");
+const paths_js_1 = require("../common/paths.js");
+const configureReplayAttackCheckCommand = (context) => {
+    return {
+        command: constants_js_1.REPLAY_ATTACK_CHECK_ID,
+        description: "Analyze contract for replay attack vulnerabilities",
+        builder: (yargs) => yargs
+            .option("timeout", {
+            alias: "t",
+            type: "number",
+            description: "Analysis timeout in seconds",
+        })
+            .option("contract", {
+            alias: "c",
+            type: "string",
+            description: "Contract name",
+            demandOption: true,
+        })
+            .option("seqno-method-name", {
+            alias: "s",
+            type: "string",
+            description: "Method name of a seqno getter method",
+            demandOption: false,
+        })
+            .option("seqno-restriction", {
+            alias: "r",
+            type: "number",
+            description: "The upper bound of a seqno. Only the seq numbers that satisfy the restrictions are considered in executions",
+            demandOption: false,
+        })
+            .option("verbose", {
+            alias: "v",
+            type: "boolean",
+            description: "Use debug output in TSA log",
+        }),
+        handler: async (argv) => {
+            await replayAttackCheckCommand(context, argv);
+        },
+    };
+};
+exports.configureReplayAttackCheckCommand = configureReplayAttackCheckCommand;
+/**
+ * Runs replay attack check analysis and returns the analyzer wrapper
+ * @param contractName - Name of the contract
+ * @param contractPath - Path to the compiled contract
+ * @param ui - UI provider
+ * @param timeout - Analysis timeout in seconds
+ * @param verbose - Enable verbose output
+ * @param seqnoData - Add the seqno constraints on the checker
+ * @returns AnalyzerWrapper instance
+ */
+const runReplayAttackCheckAnalysis = async (contractName, contractPath, ui, timeout, verbose = false, completionMessage = "Analysis complete.", seqnoData = null) => {
+    const checkerPath = (0, paths_js_1.getCheckerPath)(constants_js_1.REPLAY_ATTACK_CHECK_SYMBOLIC_FILENAME);
+    const properties = [
+        { key: "Contract", value: contractName },
+        { key: "Mode", value: "Replay attack check" },
+        {
+            key: "Options",
+            separator: true,
+            children: [
+                {
+                    key: "Timeout",
+                    value: timeout !== null ? `${timeout} seconds` : "not set",
+                },
+                {
+                    key: "SeqnoData",
+                    value: seqnoData !== null ? JSON.stringify(seqnoData) : "not set",
+                },
+            ],
+        },
+    ];
+    const checkerCell = seqnoData !== null
+        ? (0, core_1.beginCell)()
+            .storeUint(1, 1)
+            .storeUint((0, core_1.getMethodId)(seqnoData.getterName), 32)
+            .storeUint(seqnoData.upperBound, 256)
+            .endCell()
+        : (0, core_1.beginCell)().storeUint(0, 1).endCell();
+    const analyzer = new analyzer_wrapper_js_1.AnalyzerWrapper({
+        ui,
+        checkerPath,
+        checkerCell,
+        properties,
+        codePath: contractPath,
+    });
+    const reportDir = (0, paths_js_1.getReportDirectory)(analyzer.id);
+    const sarifPath = (0, paths_js_1.getSarifReportPath)(analyzer.id);
+    await analyzer.run(constants_js_1.REPLAY_ATTACK_CHECK_SYMBOLIC_FILENAME, (wrapper) => [
+        "custom-checker-compiled",
+        "--checker",
+        wrapper.getTempBocPath(),
+        "--contract",
+        contractPath,
+        "--stop-when-exit-codes-found",
+        constants_js_1.ERROR_EXIT_CODE.toString(),
+        "--checker-data",
+        wrapper.getTempCheckerCellPath(),
+        "--output",
+        sarifPath,
+        ...(timeout != null ? ["--timeout", timeout.toString()] : []),
+        "--exported-inputs",
+        reportDir,
+        ...(verbose ? ["-v"] : []),
+        "--continue-on-contract-exception",
+        "--disable-out-message-analysis",
+    ], completionMessage);
+    return analyzer;
+};
+exports.runReplayAttackCheckAnalysis = runReplayAttackCheckAnalysis;
+const replayAttackCheckCommand = async (context, parsedArgs) => {
+    const { ui } = context;
+    await (0, build_utils_js_1.buildContracts)(ui);
+    if (!parsedArgs.contract) {
+        throw new Error("Contract name or path is required");
+    }
+    const contract = parsedArgs.contract;
+    const contractPath = (0, paths_js_1.findCompiledContract)(contract);
+    if (!(0, fs_1.existsSync)(contractPath)) {
+        ui.write(`\n${constants_js_1.Sym.ERR} Contract ${contract} not found`);
+        process.exit(1);
+    }
+    const timeout = parsedArgs.timeout ?? null;
+    const getSeqnoMethodName = parsedArgs.seqnoMethodName;
+    const getSeqnoRestriction = parsedArgs.seqnoRestriction;
+    var seqnoData = null;
+    if (getSeqnoMethodName !== undefined && getSeqnoRestriction !== undefined) {
+        seqnoData = {
+            getterName: getSeqnoMethodName,
+            upperBound: getSeqnoRestriction,
+        };
+    }
+    else if (getSeqnoRestriction !== undefined ||
+        getSeqnoMethodName !== undefined) {
+        ui.write(`\n${constants_js_1.Sym.ERR} you should specify either both the seqno getter method and seqno restriction or neither`);
+        process.exit(1);
+    }
+    const analyzer = await (0, exports.runReplayAttackCheckAnalysis)(contract, contractPath, ui, timeout, parsedArgs.verbose, "Analysis complete.", seqnoData);
+    const vulnerability = analyzer.getVulnerability();
+    analyzer.reportVulnerability(vulnerability, constants_js_1.REPLAY_DESCRIPTION_URL);
+    (0, utils_js_1.printCleanupInstructions)(ui);
+};

package/dist/commands/reproduce.d.ts

@@ -0,0 +1,3 @@
+import { CommandContext } from "../cli.js";
+export declare const configureReproduceCommand: (context: CommandContext) => any;
+export declare const executeReproduceCommand: (context: CommandContext, parsedArgs: any) => Promise<void>;

package/dist/commands/reproduce.js

@@ -0,0 +1,102 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeReproduceCommand = exports.configureReproduceCommand = void 0;
+const fs_1 = require("fs");
+const core_1 = require("@ton/core");
+const blueprint_1 = require("@ton/blueprint");
+const network_js_1 = require("../reproduce/network.js");
+const concrete_analysis_js_1 = require("../reproduce/concrete-analysis.js");
+const constants_js_1 = require("../common/constants.js");
+const utils_js_1 = require("../reproduce/utils.js");
+const reproduce_config_js_1 = require("../reproduce/reproduce-config.js");
+const format_utils_js_1 = require("../common/format-utils.js");
+const configureReproduceCommand = (context) => ({
+    command: constants_js_1.REPRODUCE_ID,
+    description: "Reproduce found vulnerability",
+    builder: (yargs) => yargs.option("config", {
+        alias: "c",
+        type: "string",
+        description: "Path to the reproduction config",
+        demandOption: true,
+    }),
+    handler: async (argv) => await (0, exports.executeReproduceCommand)(context, argv),
+});
+exports.configureReproduceCommand = configureReproduceCommand;
+async function checkAddressContainsExpectedData(network, queriedAddress, config, ui) {
+    const contractState = await network.getContractState(queriedAddress);
+    if (contractState.state.type !== "active") {
+        throw new Error(`Contract at ${queriedAddress.toString()} is not active`);
+    }
+    let dataMatches = false;
+    if (contractState.state.data) {
+        const actualData = core_1.Cell.fromBoc(contractState.state.data)[0];
+        dataMatches = actualData.equals(config.data);
+    }
+    if (dataMatches) {
+        ui.write(`${constants_js_1.Sym.OK} The data stored at contract matches the expected data.`);
+        ui.write(`${constants_js_1.Sym.OK} Balance: ${(0, format_utils_js_1.nanotonToTon)(contractState.balance)}.`);
+    }
+    else {
+        ui.write(`${constants_js_1.Sym.ERR} Contract data on the contract does not match data on the config`);
+        process.exit(1);
+    }
+    return contractState;
+}
+const executeReproduceCommand = async (context, parsedArgs) => {
+    const { ui } = context;
+    const reproduceConfigPath = parsedArgs.config;
+    if (!reproduceConfigPath) {
+        throw new Error("Please specify the reproduction config file");
+    }
+    const configJsonResult = reproduce_config_js_1.TsaVulnerabilityConfigSchema.safeParse(JSON.parse((0, fs_1.readFileSync)(reproduceConfigPath, "utf-8")));
+    if (!configJsonResult.success) {
+        ui.write("Failed to parse reproduce config file");
+        process.exit(1);
+    }
+    const configJson = configJsonResult.data;
+    const network = await (0, blueprint_1.createNetworkProvider)(ui, { _: [] });
+    if (configJson.mode === constants_js_1.DEPLOY_AND_REPRODUCE_COMMAND) {
+        const codeHex = JSON.parse((0, fs_1.readFileSync)(configJson.codePath, "utf-8")).hex;
+        const dataBinary = (0, fs_1.readFileSync)(configJson.dataPath);
+        const config = {
+            code: core_1.Cell.fromBoc(Buffer.from(codeHex, "hex"))[0],
+            data: core_1.Cell.fromBoc(dataBinary)[0],
+            suggestedBalance: BigInt(configJson.suggestedBalance),
+            suggestedValue: BigInt(configJson.suggestedValue),
+        };
+        const useExistingContract = await ui.prompt("Do you want to reuse an already deployed contract?");
+        const getUserInputAddress = async () => {
+            return await ui.inputAddress("Input the address to deploy contract to");
+        };
+        const deployChameleon = async () => {
+            const nonces = Array.from(Array(8), () => BigInt(Math.floor(Math.random() * (1 << 29))));
+            const deployResult = await (0, network_js_1.deployViaChameleon)(network, config, nonces);
+            return deployResult.address;
+        };
+        const address = useExistingContract
+            ? await getUserInputAddress()
+            : await deployChameleon();
+        const contractState = await checkAddressContainsExpectedData(network, address, config, ui);
+        const senderAddress = network.sender().address;
+        if (!senderAddress) {
+            throw new Error("Sender address is not available");
+        }
+        const concreteAnalysisConfig = {
+            codePath: configJson.codePath,
+            dataPath: configJson.dataPath,
+            balance: contractState.balance,
+            contractAddress: address,
+            senderAddress,
+            ui,
+            timeout: configJson.timeout,
+            concreteCheckerOptions: configJson.concreteCheckerOptions,
+        };
+        const vulnerability = await (0, concrete_analysis_js_1.runConcreteAnalysis)(configJson.command, concreteAnalysisConfig);
+        if (vulnerability == null) {
+            return;
+        }
+        (0, utils_js_1.printCleanupInstructions)(ui);
+        await (0, network_js_1.reproduce)(network, vulnerability);
+    }
+};
+exports.executeReproduceCommand = executeReproduceCommand;

package/dist/common/analyzer-wrapper.d.ts

@@ -0,0 +1,69 @@
+import { UIProvider } from "@ton/blueprint";
+import { Cell } from "@ton/core";
+import { TreeProperty } from "./draw.js";
+/**
+ * Configuration for analyzer wrapper
+ */
+export interface AnalyzerWrapperConfig {
+    ui: UIProvider;
+    checkerPath: string | null;
+    checkerCell: Cell;
+    properties: TreeProperty[];
+    codePath: string;
+}
+export interface VulnerabilityDescription {
+    value: bigint | null;
+    balance: bigint;
+    dataPath: string;
+    codePath: string;
+    executionIndex: number;
+    msgBody: Cell;
+}
+/**
+ * Generic wrapper for checker-based vulnerability analysis
+ * Handles common logic for compiling, running, and cleaning up checker analysis
+ */
+export declare class AnalyzerWrapper {
+    private config;
+    private tempBocPath;
+    private tempCheckerCellPath;
+    id: string;
+    constructor(config: AnalyzerWrapperConfig);
+    /**
+     * Prints analysis information to UI
+     */
+    private printAnalysisInfo;
+    /**
+     * Validates that checker file exists
+     */
+    private validateCheckerFile;
+    /**
+     * Compiles FunC checker to BoC and writes to temporary file
+     */
+    private compileChecker;
+    /**
+     * Writes checker cell to temporary BoC file
+     */
+    private writeCheckerCell;
+    /**
+     * Cleans up temporary files
+     */
+    private cleanup;
+    /**
+     * Gets the temporary BoC file path (for use in analyzer arguments)
+     */
+    getTempBocPath(): string;
+    /**
+     * Gets the temporary checker cell file path (for use in analyzer arguments)
+     */
+    getTempCheckerCellPath(): string;
+    /**
+     * Runs the checker analysis with custom analyzer arguments
+     * @param checkerFilename - Name of the checker file to compile
+     * @param buildArgs - Callback function to build analyzer arguments after compilation
+     */
+    run(checkerFilename: string | null, buildArgs: (wrapper: this) => string[], completionMessage?: string): Promise<void>;
+    getVulnerability(): VulnerabilityDescription | null;
+    vulnerabilityIsPresent(): boolean;
+    reportVulnerability(vulnerability: VulnerabilityDescription | null, descriptionUrl?: string): void;
+}