Release v0.1.11

Changelog

• New Detectors:
  • HIGH: Incorrect ERC20 interface
  • HIGH: Out of order L1->L2 retryable transactions
  • HIGH: Incorrect ERC721 interface
  • HIGH: Constant function changing state
  • HIGH: Function signature collision
  • LOW: State variable initialized in a function
  • LOW: Builtin symbol shadowing
  • LOW: Costly operations within loops
  • LOW: State change inside assert
  • LOW: Cache array length
• Python bindings
• DevEx: Refactor callgraph naming and file structure

What's Changed

• Detector: Incorrect ERC20 interface by @TilakMaddy in #654
• Detector: State variable initialized by function by @TilakMaddy in #659
• Detector: Out of Order Retryable by @TilakMaddy in #660
• Feat: add python binding by @programskillforverification in #640
• Detector: Incorrect ERC721 contract by @TilakMaddy in #655
• Detector: Builtin Symbol Shadow by @TilakMaddy in #665
• Refactor Callgraph by @alexroan in #669
• Detector: Constant Function changing state by @TilakMaddy in #661
• Detector: Costly operations with loops by @TilakMaddy in #662
• Detector: Assert state change by @TilakMaddy in #663
• Detector: Cache array length by @TilakMaddy in #664
• Remove investigator keyword for callgraph by @alexroan in #679
• Detector: Function signature collision by @TilakMaddy in #670
• Bump version 0.1.11 by @alexroan in #680

New Contributors

• @programskillforverification made their first contribution in #640

Full Changelog: v0.1.10...v0.1.11

Release v0.1.10

Changelog

• Fix AST Nodes to account for None return parameters when returning from a modifier.
• Detectors:
  • LOW: Unused private/internal state variables
  • LOW: Return bomb

What's Changed

• Detector: Unused private / internal state variables by @TilakMaddy in #643
• Fix AST Node - Account for returns in a modifier (To be included in aderynV0.1.9) by @TilakMaddy in #644
• Bump version to 0.1.10 by @alexroan in #656
• Detector: Return bomb by @TilakMaddy in #645
• Detector: Uninitialized local variables by @TilakMaddy in #646
• Revert "Detector: Uninitialized local variables" by @alexroan in #658

Full Changelog: v0.1.9...v0.1.10

Release v0.1.9

Release Notes

New Detectors:

• HIGH: Unchecked send return value
• HIGH: Storage Signed Integer Array
• HIGH: Strict ETH balance equality
• HIGH: Tautology or Contradiction
• HIGH: Contract that locks ETH
• HIGH: msg.value used inside a loop
• HIGH: Bad use of tx.origin
• LOW: Boolean equality
• LOW: State variable read in an external context
• LOW: Redundant statements
• LOW: Constant functions contain assembly

Fixes:

• State variable shadowing - title and description fix
• Upgrade check checks github releases instead of cargo releases

What's Changed

• Detector: Unchecked send() on address by @TilakMaddy in #611
• Detector: Public variable read in an external context by @TilakMaddy in #619
• Detector Redundant statements by @TilakMaddy in #621
• Detector: Storage signed integer array by @TilakMaddy in #624
• Detector: Strict Equality Check on Contracts' balances by @TilakMaddy in #625
• Detector: Tautology or contradiction by @TilakMaddy in #623
• Fix title & desc - state variable shadowing by @TilakMaddy in #629
• Detector: Contract that locks ether by @TilakMaddy in #630
• Fix: load_solidity_with_source_unit should load callgraphs by default by @TilakMaddy in #637
• Detector: msg.value used in loop by @TilakMaddy in #636
• Detector: Bad use of tx.origin by @TilakMaddy in #642
• Check Github releases for upgraded version, instead of crates.io by @alexroan in #647
• Detector: Boolean equality by @TilakMaddy in #633
• Detector: constant functions contains assembly by @TilakMaddy in #641
• Bump version to 0.1.9 by @alexroan in #652

Full Changelog: v0.1.8...v0.1.9

Release v0.1.8

Changelog

Aderyn passed 50 detectors! 🥳 5️⃣ 0️⃣ ➕

• New detectors:
  • HIGH: Uninitialized state variables consumed
  • HIGH: Dangerous Unary Operator
  • HIGH: Unchecked return value
  • HIGH: Right to left special character used
  • HIGH: Tautological conditional
  • HIGH: Misused Boolean
  • HIGH: Functions sending ETH without msg.sender checks
  • HIGH: Delegatecall to an unprotected address
  • HIGH: Deletion of nested mapping
  • HIGH: Usage of pre-declared local variables
  • HIGH: Weak Randomness (First contribution from @DavidDrob !! 🥳 👏 )
• Optimize release binary for speed
• Callgraph preprocessing allowing for detectors to search upstream and downstream callgraph <3

What's Changed

• New Detector: (Low) Uninitialized state vars consumed by @TilakMaddy in #591
• Detector: Dangerous Unary operator by @TilakMaddy in #613
• Detector: Unchecked return value by @TilakMaddy in #612
• Detector: RTLO by @TilakMaddy in #610
• Detector: Tautology by @TilakMaddy in #609
• Release binary optimized for speed by @TilakMaddy in #615
• Global pre-processing for leveraging callgraphs by @TilakMaddy in #605
• Detector: Misused boolean by @TilakMaddy in #607
• Detector: Deletion of nested mapping by @TilakMaddy in #616
• Bump version 0.1.8 by @alexroan in #626
• Remove templegold from CI report checks by @alexroan in #627
• Detector: Usage of pre-declared variables. by @TilakMaddy in #617
• Detector: Weak Randomness by @DavidDrob in #618

New Contributors

• @DavidDrob made their first contribution in #618

Full Changelog: v0.1.7...v0.1.8

Release v0.1.7

reportgen

Release v0.1.6

Changelog

• Detectors:
  • HIGH: Experimental Encoder
  • HIGH: Storage array passed as memory won't be updated in storage
  • HIGH: Incorrect assembly shift parameter order
  • HIGH: Multiple constructors
  • HIGH: Reused Contract name
  • HIGH: Nested structs in mappings pre-0.5.0
  • HIGH: Dynamic array length assignment
  • HIGH: Avoid selfdestruct
  • HIGH: Return function inside Yul block
  • HIGH: Incorrect caret operator
  • HIGH: State variable shadowing
• Yul: YulIdentifier, YulFunctionCall and YulLiteral support in workspace context
• Fix load_source_unit parsing older compiler versions where the json is printed over many lines
• Remove unnecessary cargo test runs in CI
• // aderyn-ignore and // aderyn-ignore-next-line
• AST code refactor
• Fix EventDefinition at SourceUnit level error (Fixes #599 )
• CI optimizations

What's Changed

• Detector: HIGH: Experimental Encoder by @alexroan in #579
• Detector: Storage passed as memory by @alexroan in #581
• Detector: Incorrect Assembly Shift Parameter Order by @alexroan in #582
• Detector: Multiple constructors by @alexroan in #583
• Detector: Reused contract name by @alexroan in #584
• Detector: Nested structs in mappings pre-0.5.0 by @alexroan in #585
• Avoid Potential Panic due to unknown array direct index access - Incorrect Shift Detector by @TilakMaddy in #587
• New Detector: Dynamic Array Length Assignment by @TilakMaddy in #588
• New Detector: selfdestruct by @TilakMaddy in #589
• Detect disable aderyn comments by @TilakMaddy in #567
• Big AST Refactor by @TilakMaddy in #586
• New Detector: (High) return function call inside Yul Block by @TilakMaddy in #596
• New Detector: (High) Incorrect caret operator by @TilakMaddy in #590
• Detector: State variable shadowing by @alexroan in #592
• Fix/ support for event definition added by @TilakMaddy in #598
• CI Build speed optimizations by @TilakMaddy in #601

Full Changelog: v0.1.5...v0.1.6

Release v0.1.5

What's Changed

• Upgrade foundry-config to latest version by @alexroan in #564
• Feat: Add character offset and length to JSON report (Important for VSCode extension to work) by @TilakMaddy in #566
• Bump version to v0.1.5 by @alexroan in #570
• HIGH Detector: EnumerableSet removal causes corrupted order by @alexroan in #571
• Fix/Cover other types of loops for Enumerable Set unsafe removal detector by @TilakMaddy in #572
• README: Remove cargo as a recommended install option by @alexroan in #576
• Fix TempleDao repo issues by @alexroan in #577

Changelog

• Add Character offset and length to JSON report to complement byte offset and length
• foundry-config package update to handle latest versions of solc
• Remove cargo as a recommended install path
• Fix unreachable and name_location panics
• Detectors:
  • HIGH: EnumerableSet removal in loop causes corrupted order (props to @devdacian)

Starting with this version, the aderyn rust crates will no longer be published. This is deprecated in favour of cyfrinup installation.

Full Changelog: v0.1.4...v0.1.5

Release v0.1.4

What's Changed

• Extractor pattern for newly added nodes by @TilakMaddy in #551
• Bump version to 0.1.4 by @alexroan in #561
• Graceful failure with good error message when no solidity files found ! by @TilakMaddy in #499
• tests tests tests tests More AST tests by @TilakMaddy in #553
• Remove unused framework module by @TilakMaddy in #555
• Update lock file dependencies with cargo update by @TilakMaddy in #559
• Markdown Printer optimization by @TilakMaddy in #552
• MacOS: x86_64 binary - use macos with intel chip as runner by @TilakMaddy in #562
• update readme to include cyfrinup install steps by @RensR in #546
• Fix Overzealous Zero Address Checker Detector by @alexroan in #563
• Fix SARIF report issue locations by @alexroan in #565

New Contributors

• @RensR made their first contribution in #546

Full Changelog: v0.1.3...v0.1.4

Release v0.1.3

What's Changed

• Changed license to GPL by @alexroan in #528
• AST Improvements + Adding prb math to CI by @TilakMaddy in #513
• Bump version to 0.1.3 by @alexroan in #532
• More concise issue templates by @alexroan in #533
• Release CI sets latest release by @alexroan in #536
• Fix: Empty config values treated as None by @alexroan in #538
• Feature : Cyfrinup dynamic script by @TilakMaddy in #540
• AST Checklist - Part 1 by @TilakMaddy in #537
• AST Checklist - Part 1.5 (Identifier referenced declaration made optional) by @TilakMaddy in #549
• AST Checklist - Part 2 by @TilakMaddy in #539
• AST Checklist - Part 3 by @TilakMaddy in #542
• Update installer path by @alexroan in #554

Full Changelog: v0.1.2...v0.1.3

Release v0.1.2

What's Changed

• Detector refactor: remove nested for loop by @TilakMaddy in #498
• Bump version to v0.1.2 by @alexroan in #506
• Readme ICF updates by @alexroan in #507
• Added --highs-only by @TilakMaddy in #497
• Fix Detector/ Do not capture unused public functions if they live in an abstract contract by @TilakMaddy in #509
• Fix/ Added support for Free Functions to AST by @TilakMaddy in #508
• Reportgen on latest dev branch by @alexroan in #515
• cyfrinup by @alexroan in #514
• cyfrinup: Fix path from feature branch to master by @alexroan in #520

Changelog

• Formal release CI and cyfrinup installer/updater
• Detector Improvements:
  • Remove nested loop from useless_modifier
  • useless_public_functions detector should not capture functions in abstract contracts
• Update README to account for ICF and no dependency on Foundry being installed
• --highs-only flag (as requested by @devtooligan)
• AST: support FunctionDefinitions at the SourceUnit level.

Full Changelog: v0.1.1...v0.1.2