web3crit-scanner 7.0.1

package/src/detectors/token-standard-compliance.js

@@ -0,0 +1,465 @@
+const BaseDetector = require('./base-detector');
+
+/**
+ * Token Standard Compliance Detector
+ * Ensures tokens strictly follow ERC standards (ERC20, ERC721, ERC1155)
+ * 
+ * Detects:
+ * - Missing required functions for ERC standards
+ * - Incorrect function signatures
+ * - Missing events
+ * - Non-standard return values
+ * - Missing approvals/transfers
+ * - Incorrect behavior patterns
+ */
+class TokenStandardComplianceDetector extends BaseDetector {
+  constructor() {
+    super(
+      'Token Standard Compliance',
+      'Detects violations of ERC token standards (ERC20, ERC721, ERC1155)',
+      'HIGH'
+    );
+    this.currentContract = null;
+    this.tokenStandard = null; // 'ERC20', 'ERC721', 'ERC1155', or null
+    this.requiredFunctions = {
+      ERC20: ['totalSupply', 'balanceOf', 'transfer', 'transferFrom', 'approve', 'allowance'],
+      ERC721: ['balanceOf', 'ownerOf', 'safeTransferFrom', 'transferFrom', 'approve', 'setApprovalForAll', 'getApproved', 'isApprovedForAll'],
+      ERC1155: ['balanceOf', 'balanceOfBatch', 'setApprovalForAll', 'isApprovedForAll', 'safeTransferFrom', 'safeBatchTransferFrom']
+    };
+    this.requiredEvents = {
+      ERC20: ['Transfer', 'Approval'],
+      ERC721: ['Transfer', 'Approval', 'ApprovalForAll'],
+      ERC1155: ['TransferSingle', 'TransferBatch', 'ApprovalForAll', 'URI']
+    };
+    this.foundFunctions = new Set();
+    this.foundEvents = new Set();
+  }
+
+  async detect(ast, sourceCode, fileName, cfg, dataFlow) {
+    this.findings = [];
+    this.ast = ast;
+    this.sourceCode = sourceCode;
+    this.fileName = fileName;
+    this.sourceLines = sourceCode.split('\n');
+    this.cfg = cfg;
+    this.dataFlow = dataFlow;
+
+    // Reset per-file state
+    this.tokenStandard = null;
+    this.foundFunctions.clear();
+    this.foundEvents.clear();
+    this.currentContract = null;
+
+    // Detect which standard this contract implements
+    this.detectTokenStandard(sourceCode);
+
+    if (!this.tokenStandard) {
+      // Not a token contract, skip
+      return this.findings;
+    }
+
+    this.traverse(ast);
+
+    // Post-traversal analysis
+    this.analyzeCompliance();
+
+    return this.findings;
+  }
+
+  visitContractDefinition(node) {
+    this.currentContract = node.name;
+    this.foundFunctions.clear();
+    this.foundEvents.clear();
+  }
+
+  visitFunctionDefinition(node) {
+    const funcName = node.name || '';
+    
+    if (this.tokenStandard) {
+      // Check if this is a required function
+      const required = this.requiredFunctions[this.tokenStandard] || [];
+      if (required.includes(funcName)) {
+        this.foundFunctions.add(funcName);
+        
+        // Validate function signature and behavior
+        this.validateFunction(node, funcName);
+      }
+    }
+  }
+
+  visitEventDefinition(node) {
+    const eventName = node.name || '';
+    
+    if (this.tokenStandard) {
+      const required = this.requiredEvents[this.tokenStandard] || [];
+      if (required.includes(eventName)) {
+        this.foundEvents.add(eventName);
+        
+        // Validate event signature
+        this.validateEvent(node, eventName);
+      }
+    }
+  }
+
+  /**
+   * Detect which ERC standard this contract implements
+   */
+  detectTokenStandard(sourceCode) {
+    // Strip imports/comments so "ERC20" in import paths doesn't misclassify non-token contracts
+    const stripped = sourceCode
+      .replace(/^\s*import[^;]*;/gm, '')
+      .replace(/\/\/.*$/gm, '')
+      .replace(/\/\*[\s\S]*?\*\//g, '');
+
+    const codeLower = stripped.toLowerCase();
+    
+    // Check for explicit ERC standard inheritance or interface implementation
+    const hasERCInterface =
+      /contract\s+\w+\s+(?:is|implements)\s+.*\b(IERC|ERC)\d+\b/i.test(stripped) ||
+      /contract\s+\w+\s+(?:is|implements)\s+.*\bERC\b/i.test(stripped);
+    
+    // Check for ERC1155 (most specific)
+    if (codeLower.includes('erc1155') || 
+        codeLower.includes('multitoken') ||
+        (codeLower.includes('balanceofbatch') && codeLower.includes('safebatchtransferfrom'))) {
+      this.tokenStandard = 'ERC1155';
+      return;
+    }
+
+    // Check for ERC721
+    if (codeLower.includes('erc721') || 
+        (codeLower.includes('nft') && codeLower.includes('ownerof')) ||
+        (codeLower.includes('ownerof') && codeLower.includes('tokenuri')) ||
+        (codeLower.includes('setapprovalforall') && codeLower.includes('ownerof'))) {
+      this.tokenStandard = 'ERC721';
+      return;
+    }
+
+    // Check for ERC20 - need multiple indicators to avoid false positives
+    // Must have both transfer/transferFrom AND approve/allowance patterns
+    const hasTransfer = /function\s+transfer/i.test(sourceCode) || /function\s+transferFrom/i.test(sourceCode);
+    const hasApprove = /function\s+approve/i.test(sourceCode) || /function\s+allowance/i.test(sourceCode);
+    const hasBalanceOf = /function\s+balanceOf/i.test(sourceCode);
+    const hasTotalSupply = /function\s+totalSupply/i.test(sourceCode);
+    
+    // Only treat as ERC20 if it is explicitly implemented/inherited, or declares core ERC20 functions
+    if (hasERCInterface) {
+      this.tokenStandard = 'ERC20';
+      return;
+    }
+    
+    // Only detect ERC20 if it has multiple token functions (not just one)
+    if ((hasTransfer && hasApprove && hasBalanceOf) || 
+        (hasTransfer && hasTotalSupply && hasBalanceOf)) {
+      this.tokenStandard = 'ERC20';
+      return;
+    }
+  }
+
+  /**
+   * Validate function implementation
+   */
+  validateFunction(node, funcName) {
+    const funcCode = this.getCodeSnippet(node.loc);
+    const funcCodeLower = funcCode.toLowerCase();
+
+    // ERC20 specific validations
+    if (this.tokenStandard === 'ERC20') {
+      this.validateERC20Function(node, funcName, funcCode);
+    }
+
+    // ERC721 specific validations
+    if (this.tokenStandard === 'ERC721') {
+      this.validateERC721Function(node, funcName, funcCode);
+    }
+
+    // ERC1155 specific validations
+    if (this.tokenStandard === 'ERC1155') {
+      this.validateERC1155Function(node, funcName, funcCode);
+    }
+  }
+
+  /**
+   * Validate ERC20 function
+   */
+  validateERC20Function(node, funcName, code) {
+    const codeLower = code.toLowerCase();
+
+    // transfer/transferFrom must emit Transfer event
+    if ((funcName === 'transfer' || funcName === 'transferFrom') && 
+        !codeLower.includes('emit transfer')) {
+      this.addFinding({
+        title: 'ERC20 Transfer Missing Transfer Event',
+        description: `ERC20 function '${funcName}' does not emit Transfer event. This violates ERC20 standard and breaks compatibility with wallets, DEXs, and other contracts expecting the event.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit Transfer event: emit Transfer(from, to, amount);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-20',
+          'https://swcregistry.io/docs/SWC-140'
+        ]
+      });
+    }
+
+    // approve must emit Approval event
+    if (funcName === 'approve' && !codeLower.includes('emit approval')) {
+      this.addFinding({
+        title: 'ERC20 Approve Missing Approval Event',
+        description: `ERC20 function 'approve' does not emit Approval event. This violates ERC20 standard.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit Approval event: emit Approval(owner, spender, amount);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-20'
+        ]
+      });
+    }
+
+    // Check for non-standard return values (should return bool)
+    if ((funcName === 'transfer' || funcName === 'transferFrom' || funcName === 'approve') &&
+        node.returnParameters && node.returnParameters.length === 0) {
+      // Some ERC20 implementations don't return bool, but it's non-standard
+      this.addFinding({
+        title: 'ERC20 Function Missing Return Value',
+        description: `ERC20 function '${funcName}' should return bool according to standard. Missing return value may break compatibility with some contracts.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'MEDIUM',
+        confidence: 'MEDIUM',
+        exploitable: false,
+        exploitabilityScore: 20,
+        attackVector: 'standard-compliance',
+        recommendation: 'Add return bool to function signature: function transfer(...) public returns (bool)',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-20'
+        ]
+      });
+    }
+  }
+
+  /**
+   * Validate ERC721 function
+   */
+  validateERC721Function(node, funcName, code) {
+    const codeLower = code.toLowerCase();
+
+    // transferFrom/safeTransferFrom must emit Transfer event
+    if ((funcName === 'transferFrom' || funcName === 'safeTransferFrom') &&
+        !codeLower.includes('emit transfer')) {
+      this.addFinding({
+        title: 'ERC721 Transfer Missing Transfer Event',
+        description: `ERC721 function '${funcName}' does not emit Transfer event. This violates ERC721 standard.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit Transfer event: emit Transfer(from, to, tokenId);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-721'
+        ]
+      });
+    }
+
+    // approve must emit Approval event
+    if (funcName === 'approve' && !codeLower.includes('emit approval')) {
+      this.addFinding({
+        title: 'ERC721 Approve Missing Approval Event',
+        description: `ERC721 function 'approve' does not emit Approval event. This violates ERC721 standard.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit Approval event: emit Approval(owner, approved, tokenId);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-721'
+        ]
+      });
+    }
+
+    // setApprovalForAll must emit ApprovalForAll event
+    if (funcName === 'setApprovalForAll' && !codeLower.includes('emit approvalforall')) {
+      this.addFinding({
+        title: 'ERC721 setApprovalForAll Missing ApprovalForAll Event',
+        description: `ERC721 function 'setApprovalForAll' does not emit ApprovalForAll event. This violates ERC721 standard.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit ApprovalForAll event: emit ApprovalForAll(owner, operator, approved);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-721'
+        ]
+      });
+    }
+  }
+
+  /**
+   * Validate ERC1155 function
+   */
+  validateERC1155Function(node, funcName, code) {
+    const codeLower = code.toLowerCase();
+
+    // safeTransferFrom must emit TransferSingle event
+    if (funcName === 'safeTransferFrom' && !codeLower.includes('emit transfersingle')) {
+      this.addFinding({
+        title: 'ERC1155 safeTransferFrom Missing TransferSingle Event',
+        description: `ERC1155 function 'safeTransferFrom' does not emit TransferSingle event. This violates ERC1155 standard.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit TransferSingle event: emit TransferSingle(operator, from, to, id, value);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-1155'
+        ]
+      });
+    }
+
+    // safeBatchTransferFrom must emit TransferBatch event
+    if (funcName === 'safeBatchTransferFrom' && !codeLower.includes('emit transferbatch')) {
+      this.addFinding({
+        title: 'ERC1155 safeBatchTransferFrom Missing TransferBatch Event',
+        description: `ERC1155 function 'safeBatchTransferFrom' does not emit TransferBatch event. This violates ERC1155 standard.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit TransferBatch event: emit TransferBatch(operator, from, to, ids, values);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-1155'
+        ]
+      });
+    }
+
+    // setApprovalForAll must emit ApprovalForAll event
+    if (funcName === 'setApprovalForAll' && !codeLower.includes('emit approvalforall')) {
+      this.addFinding({
+        title: 'ERC1155 setApprovalForAll Missing ApprovalForAll Event',
+        description: `ERC1155 function 'setApprovalForAll' does not emit ApprovalForAll event. This violates ERC1155 standard.`,
+        location: `Contract: ${this.currentContract}, Function: ${funcName}`,
+        line: node.loc ? node.loc.start.line : 0,
+        column: node.loc ? node.loc.start.column : 0,
+        code: this.getCodeSnippet(node.loc),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 30,
+        attackVector: 'standard-compliance',
+        recommendation: 'Emit ApprovalForAll event: emit ApprovalForAll(owner, operator, approved);',
+        references: [
+          'https://eips.ethereum.org/EIPS/eip-1155'
+        ]
+      });
+    }
+  }
+
+  /**
+   * Validate event signature
+   */
+  validateEvent(node, eventName) {
+    // Basic validation - events should have correct parameters
+    // This is a simplified check; full validation would require parameter matching
+  }
+
+  /**
+   * Post-traversal compliance analysis
+   */
+  analyzeCompliance() {
+    if (!this.tokenStandard) return;
+
+    const requiredFuncs = this.requiredFunctions[this.tokenStandard] || [];
+    const requiredEvents = this.requiredEvents[this.tokenStandard] || [];
+
+    // Check for missing required functions
+    const missingFunctions = requiredFuncs.filter(func => !this.foundFunctions.has(func));
+    if (missingFunctions.length > 0) {
+      this.addFinding({
+        title: `Missing Required ${this.tokenStandard} Functions`,
+        description: `Contract claims to implement ${this.tokenStandard} but is missing required functions: ${missingFunctions.join(', ')}. This breaks standard compliance and may cause integration issues.`,
+        location: `Contract: ${this.currentContract}`,
+        line: 1,
+        column: 0,
+        code: this.sourceCode.substring(0, 200),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 40,
+        attackVector: 'standard-compliance',
+        recommendation: `Implement all required ${this.tokenStandard} functions. Use OpenZeppelin's standard implementations as reference.`,
+        references: [
+          this.tokenStandard === 'ERC20' ? 'https://eips.ethereum.org/EIPS/eip-20' :
+          this.tokenStandard === 'ERC721' ? 'https://eips.ethereum.org/EIPS/eip-721' :
+          'https://eips.ethereum.org/EIPS/eip-1155'
+        ]
+      });
+    }
+
+    // Check for missing required events
+    const missingEvents = requiredEvents.filter(event => !this.foundEvents.has(event));
+    if (missingEvents.length > 0) {
+      this.addFinding({
+        title: `Missing Required ${this.tokenStandard} Events`,
+        description: `Contract claims to implement ${this.tokenStandard} but is missing required events: ${missingEvents.join(', ')}. This breaks standard compliance.`,
+        location: `Contract: ${this.currentContract}`,
+        line: 1,
+        column: 0,
+        code: this.sourceCode.substring(0, 200),
+        severity: 'HIGH',
+        confidence: 'HIGH',
+        exploitable: false,
+        exploitabilityScore: 40,
+        attackVector: 'standard-compliance',
+        recommendation: `Declare all required ${this.tokenStandard} events. Events are essential for off-chain indexing and monitoring.`,
+        references: [
+          this.tokenStandard === 'ERC20' ? 'https://eips.ethereum.org/EIPS/eip-20' :
+          this.tokenStandard === 'ERC721' ? 'https://eips.ethereum.org/EIPS/eip-721' :
+          'https://eips.ethereum.org/EIPS/eip-1155'
+        ]
+      });
+    }
+  }
+}
+
+module.exports = TokenStandardComplianceDetector;
+

package/src/detectors/unchecked-call.js

@@ -0,0 +1,214 @@
+const BaseDetector = require('./base-detector');
+
+class UncheckedCallDetector extends BaseDetector {
+  constructor() {
+    super(
+      'Unchecked External Call',
+      'Detects external calls whose return values are not checked',
+      'HIGH'
+    );
+    this.potentialIssues = [];
+    this.checkedVariables = new Set();
+  }
+
+  async detect(ast, sourceCode, fileName, cfg, dataFlow) {
+    this.findings = [];
+    this.ast = ast;
+    this.sourceCode = sourceCode;
+    this.fileName = fileName;
+    this.sourceLines = sourceCode.split('\n');
+    this.cfg = cfg;
+    this.dataFlow = dataFlow;
+    this.potentialIssues = [];
+    this.checkedVariables = new Set();
+
+    // First pass: collect potential issues and checked variables
+    this.traverse(ast);
+
+    // Second pass: filter out false positives
+    this.potentialIssues = this.potentialIssues.filter(issue => {
+      return !this.checkedVariables.has(issue.variableName);
+    });
+
+    // Add remaining issues as findings
+    this.potentialIssues.forEach(issue => {
+      this.addFinding(issue.finding);
+    });
+
+    return this.findings;
+  }
+
+  visitFunctionDefinition(node) {
+    // Scan entire function for all require/assert/if statements
+    if (node.body) {
+      this.scanForChecks(node.body);
+    }
+  }
+
+  scanForChecks(node) {
+    if (!node) return;
+
+    // Check for require(success) or assert(success)
+    if (node.type === 'ExpressionStatement' && node.expression) {
+      const expr = node.expression;
+      if (expr.type === 'FunctionCall' && expr.expression) {
+        const funcName = expr.expression.name;
+        if (funcName === 'require' || funcName === 'assert') {
+          // Check first argument
+          if (expr.arguments && expr.arguments.length > 0) {
+            const arg = expr.arguments[0];
+            if (arg.type === 'Identifier') {
+              this.checkedVariables.add(arg.name);
+            }
+            // Handle !variable pattern
+            if (arg.type === 'UnaryOperation' && arg.operator === '!' && arg.subExpression && arg.subExpression.type === 'Identifier') {
+              this.checkedVariables.add(arg.subExpression.name);
+            }
+          }
+        }
+      }
+    }
+
+    // Check for if (success) or if (!success)
+    if (node.type === 'IfStatement' && node.condition) {
+      if (node.condition.type === 'Identifier') {
+        this.checkedVariables.add(node.condition.name);
+      }
+      if (node.condition.type === 'UnaryOperation' && node.condition.operator === '!' && node.condition.subExpression && node.condition.subExpression.type === 'Identifier') {
+        this.checkedVariables.add(node.condition.subExpression.name);
+      }
+      // Recursively check inside if body
+      if (node.trueBody) this.scanForChecks(node.trueBody);
+      if (node.falseBody) this.scanForChecks(node.falseBody);
+    }
+
+    // Recursively check Block statements
+    if (node.type === 'Block' && node.statements) {
+      node.statements.forEach(stmt => this.scanForChecks(stmt));
+    }
+
+    // Check other nested structures
+    if (node.statements) {
+      node.statements.forEach(stmt => this.scanForChecks(stmt));
+    }
+  }
+
+  visitExpressionStatement(node) {
+    if (!node.expression) return;
+
+    const expr = node.expression;
+
+    // Check for call expressions
+    if (expr.type === 'FunctionCall') {
+      this.checkFunctionCall(expr, node);
+    }
+  }
+
+  checkFunctionCall(expr, parentNode) {
+    const code = this.getCodeSnippet(expr.loc);
+
+    // Check for low-level calls that should be checked
+    if (this.isLowLevelCall(code)) {
+      // If this is a standalone statement (not assigned or checked in if)
+      // it means the return value is ignored
+      if (parentNode.type === 'ExpressionStatement') {
+        // Determine severity based on call type
+        const isDelegatecall = code.includes('.delegatecall');
+        const hasValue = code.includes('{value:') || code.includes('{value :');
+
+        this.addFinding({
+          title: 'Unchecked Low-Level Call',
+          description: `Low-level call (${isDelegatecall ? 'delegatecall' : hasValue ? 'call with value' : 'call'}) return value is not checked. Failed calls will be silently ignored, potentially causing:\n` +
+            `- Fund loss (if sending ETH)\n` +
+            `- State inconsistency (balance decremented but transfer failed)\n` +
+            `- Silent failures in critical operations`,
+          location: this.getLocationString(expr.loc),
+          line: expr.loc ? expr.loc.start.line : 0,
+          column: expr.loc ? expr.loc.start.column : 0,
+          code: code,
+          severity: isDelegatecall ? 'CRITICAL' : 'HIGH',
+          confidence: 'HIGH',  // Definite unchecked call
+          exploitable: true,
+          attackVector: 'unchecked-call',
+          recommendation: 'Always check the return value of low-level calls. Use require(success, "error message") or implement proper error handling.',
+          references: [
+            'https://swcregistry.io/docs/SWC-104',
+            'https://consensys.github.io/smart-contract-best-practices/development-recommendations/general/external-calls/'
+          ]
+        });
+      }
+    }
+
+    // Check for .send() calls
+    if (code.includes('.send(')) {
+      if (parentNode.type === 'ExpressionStatement') {
+        this.addFinding({
+          title: 'Unchecked Send Return Value',
+          description: 'The .send() function returns false on failure, but the return value is not checked. This causes fund loss - user balance is decremented but ETH transfer fails silently.',
+          location: this.getLocationString(expr.loc),
+          line: expr.loc ? expr.loc.start.line : 0,
+          column: expr.loc ? expr.loc.start.column : 0,
+          code: code,
+          severity: 'HIGH',
+          confidence: 'HIGH',  // Definite unchecked send
+          exploitable: true,
+          attackVector: 'unchecked-call',
+          recommendation: 'Check the return value: require(recipient.send(amount), "Send failed"). Consider using .transfer() which reverts on failure, or .call{value: amount}() with proper checks.',
+          references: [
+            'https://swcregistry.io/docs/SWC-104'
+          ]
+        });
+      }
+    }
+  }
+
+  visitVariableDeclarationStatement(node) {
+    // Check if a call's return value is assigned but never used
+    if (node.variables && node.variables.length > 0) {
+      const variable = node.variables[0];
+
+      // Handle null variables (from tuple destruction like "(bool success, ) = ...")
+      if (variable && variable.name && node.initialValue) {
+        const code = this.getCodeSnippet(node.initialValue.loc);
+
+        if (this.isLowLevelCall(code)) {
+          // Check if variable name suggests it should be checked (like 'success')
+          if (variable.name.toLowerCase().includes('success')) {
+            // Store as potential issue - will be filtered later
+            this.potentialIssues.push({
+              variableName: variable.name,
+              finding: {
+                title: 'Low-Level Call Return Value Not Checked',
+                description: `Low-level call result assigned to '${variable.name}' but never validated. Failed calls will be silently ignored.`,
+                location: this.getLocationString(node.loc),
+                line: node.loc ? node.loc.start.line : 0,
+                column: node.loc ? node.loc.start.column : 0,
+                code: this.getCodeSnippet(node.loc),
+                recommendation: 'Add validation: require(success, "Call failed") or if (!success) revert("Call failed")',
+                references: [
+                  'https://swcregistry.io/docs/SWC-104'
+                ]
+              }
+            });
+          }
+        }
+      }
+    }
+  }
+
+  isLowLevelCall(code) {
+    return code.includes('.call(') ||
+           code.includes('.call{') ||
+           code.includes('.delegatecall(') ||
+           code.includes('.delegatecall{') ||
+           code.includes('.staticcall(') ||
+           code.includes('.staticcall{');
+  }
+
+  getLocationString(loc) {
+    if (!loc || !loc.start) return 'Unknown';
+    return `Line ${loc.start.line}, Column ${loc.start.column}`;
+  }
+}
+
+module.exports = UncheckedCallDetector;