Detectors
- Name: `arbitrary_asset_transfer`
- Severity: 🔴 High
- Description: Checks for functions that transfer native assets to an arbitrary address without access restriction.
- Recommendation: Ensure that an arbitrary user cannot access unauthorised funds.

- Name: `arbitrary_code_execution`
- Severity: 🔴 High
- Description: Checks for functions that make use of the `LDC` assembly instruction without access restriction.
- Recommendation: Ensure that only the contract’s owner can fetch code from a set of whitelisted addresses.

- Name: `boolean_comparison`
- Severity: 🟢 Low
- Description: Checks if an expression contains a comparison with a boolean literal, which is unnecessary.
- Recommendation: Remove the redundant boolean literal.

- Name: `discarded_assignment`
- Severity: 🔴 High
- Description: Checks for variables that are assigned to without being utilized.
- Recommendation: Remove the redundant code or utilize such variables.

- Name: `division_before_multiplication`
- Severity: 🟢 Low
- Description: Checks for division operations before multiplications, which can result in value truncation.
- Recommendation: Do the multiplication before the division to avoid truncating the result.

- Name: `explicit_return_statement`
- Severity: 🟢 Low
- Description: Checks for functions that end with explicit `return` statements, which is unnecessary.
- Recommendation: Opt for the Rust-like coding style, where the final expression is the returned value.

- Name: `external_call_in_loop`
- Severity: 🟡 Medium
- Description: Checks if any functions contain loops which perform calls to external functions.
- Recommendation: Avoid external calls in a loop, especially in one of dynamic size.

- Name: `inline_assembly_usage`
- Severity: 🟡 Medium
- Description: Checks functions for inline assembly usage.
- Recommendation: Avoid using low-level assembly unless it’s necessary.

- Name: `large_literal`
- Severity: 🟢 Low
- Description: Checks for expressions that contain large literal values, which may be difficult to read or may be interpreted incorrectly.
- Recommendation: Consider delineating large literal values with underscores to improve readability, e.g. `1_234_567_890`.

- Name: `locked_native_asset`
- Severity: 🔴 High
- Description: Checks if a contract can withdraw potential incoming native assets.
- Recommendation: Consider adding a withdraw function.

- Name: `magic_number`
- Severity: 🟢 Low
- Description: Checks for expressions that contain irregular numerical constants that can be introduced as named constants.
- Recommendation: Create named constants for magic numbers to improve code readability.

- Name: `manipulatable_balance_usage`
- Severity: 🟡 Medium
- Description: Checks if any functions contain balance usage which can potentially be manipulated.
- Recommendation: Ensure that contracts do not rely on an asset's balance for critical computations.

- Name: `missing_logs`
- Severity: 🟡 Medium
- Description: Checks for publicly-accessible functions that make changes to storage variables without emitting logs.
- Recommendation: Emit logs for critical storage variable changes.

- Name: `msg_amount_in_loop`
- Severity: 🟡 Medium
- Description: Checks for calls to `std::context::msg_amount()` or `std::registers::balance()` inside a `while` loop. In most cases, the result of the call should be stored in a local variable and decremented over each loop iteration.
- Recommendation: Store the value of `std::context::msg_amount()` or `std::registers::balance()` in a local variable and decrement it over each loop iteration.

- Name: `non_zero_identity_validation`
- Severity: 🟢 Low
- Description: Checks whether the `Identity`, `Address` and `ContractId` parameters of a function are checked for a zero value.
- Recommendation: Add the necessary `require` checks for all `Identity`, `Address` and `ContractId` parameters.

- Name: `potential_infinite_loop`
- Severity: 🔴 High
- Description: Checks for potentially infinite loops.
- Recommendation: Ensure that loops have a defined range and exit point in order to prevent infinite loops.

- Name: `redundant_comparison`
- Severity: 🟡 Medium
- Description: Checks for functions that make redundant comparisons.
- Recommendation: Avoid redundant comparisons to reduce the gas used or avoid a logical issue.

- Name: `redundant_storage_access`
- Severity: 🟡 Medium
- Description: Checks for redundant calls to `storage.x.read()` and `storage.x.write(x)`.
- Recommendation: Use local variables to hold the storage lookup result.

- Name: `storage_field_mutability`
- Severity: 🟢 Low
- Description: Checks for any storage fields that can be refactored into constants or configurable fields.
- Recommendation: Consider replacing such storage fields with constants or configurable fields to reduce the gas cost.

- Name: `storage_not_updated`
- Severity: 🔴 High
- Description: Checks for local variables that are read from storage, then modified without being written back to storage.
- Recommendation: Write back to storage after all changes to the local variables.

- Name: `storage_read_in_loop_condition`
- Severity: 🟢 Low
- Description: Checks for loops that contain a storage read in their condition, which can increase gas costs for each iteration.
- Recommendation: Use a local variable to hold the loop computation result.

- Name: `strict_equality`
- Severity: 🔴 High
- Description: Checks for the use of strict equalities, which can be manipulated by an attacker.
- Recommendation: Avoid strict equalities that an attacker can manipulate, in order to prevent DoS attacks.

- Name: `unchecked_call_payload`
- Severity: 🟢 Low
- Description: Checks for functions that supply a `raw_ptr` argument to the `CALL` assembly instruction, or a `Bytes` argument without checking its length.
- Recommendation: If the payload supplied to the `CALL` assembly instruction is arbitrary, ensure its length is at least 32 bytes.

- Name: `unprotected_initialization`
- Severity: 🔴 High
- Description: Checks for initializer functions that can be called without requirements.
- Recommendation: Impose access control on all initialization functions.

- Name: `unprotected_storage_variable`
- Severity: 🔴 High
- Description: Checks for functions that make changes to storage variables without access restriction.
- Recommendation: Impose access control on all functions that make critical storage variable changes.

- Name: `unsafe_timestamp_usage`
- Severity: 🟡 Medium
- Description: Checks for dependence on `std::block::timestamp` or `std::block::timestamp_of_block`, which can be manipulated by an attacker.
- Recommendation: Avoid relying on `std::block::timestamp` or `std::block::timestamp_of_block`.

- Name: `unused_import`
- Severity: 🟢 Low
- Description: Checks for imported symbols that are not used.
- Recommendation: Remove all unnecessary imports.

- Name: `weak_prng`
- Severity: 🟡 Medium
- Description: Checks for weak PRNG due to a modulo operation on a block timestamp.
- Recommendation: Avoid insecure mechanisms as a source of randomness.
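The following Sway contract is an added illustration, not code from the analyzer's own repository or README. It goes beyond any single entry above by putting one function that triggers four of the listed detectors (`unprotected_storage_variable`, `storage_not_updated`, `redundant_storage_access` and `missing_logs`) next to the same logic rewritten so that none of them fire. The `OWNER` constant is a placeholder value constructed for the example, `CounterError` and the `Counter` ABI are hypothetical names, and the code assumes a recent Sway toolchain in which `std::auth::msg_sender()` returns a `Result<Identity, AuthError>`.

```sway
contract;

use std::auth::msg_sender;

// Placeholder owner address, constructed for this example only.
const OWNER: b256 = 0x0000000000000000000000000000000000000000000000000000000000000000;
// Upper bound on the stored counter.
const CAP: u64 = 100;

// Hypothetical error type used by the `require` calls below.
enum CounterError {
    NotOwner: (),
    CapExceeded: (),
}

storage {
    total: u64 = 0,
}

abi Counter {
    #[storage(read, write)]
    fn add_flagged(amount: u64);

    #[storage(read, write)]
    fn add(amount: u64);

    #[storage(read)]
    fn current_total() -> u64;
}

impl Counter for Contract {
    // What the detectors report on this function:
    //   unprotected_storage_variable: any caller reaches a storage-writing function.
    //   storage_not_updated: `total` is read from storage and modified, but never written back.
    //   redundant_storage_access: `storage.total` is read a second time instead of reusing `total`.
    //   missing_logs: the intended storage change emits no log.
    #[storage(read, write)]
    fn add_flagged(amount: u64) {
        let mut total = storage.total.read();
        total = total + amount;
        if storage.total.read() + amount > CAP {
            revert(0);
        }
        // `total` goes out of scope here and storage.total is unchanged.
    }

    // The same logic with each finding addressed: the caller is checked first,
    // the field is read once, the bound is checked on the local copy, the result
    // is written back, and the new value is logged.
    #[storage(read, write)]
    fn add(amount: u64) {
        let sender = msg_sender().unwrap();
        require(sender == Identity::Address(Address::from(OWNER)), CounterError::NotOwner);

        let mut total = storage.total.read();
        total += amount;
        require(total <= CAP, CounterError::CapExceeded);

        storage.total.write(total);
        log(total);
    }

    #[storage(read)]
    fn current_total() -> u64 {
        storage.total.read()
    }
}
```

Keeping the access check as the first statement of `add` matters for the `unprotected_storage_variable` finding: a check placed after the write would still let an unauthorised caller reach the storage mutation before reverting, and the single local copy of `storage.total` is what lets the later write-back and log refer to exactly the value that was validated.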