v0.0.20

What's Changed

• Bump version to v0.0.20 by @alexroan in #294
• Fix/forge not installed in ci by @TilakMaddy in #292
• New browser module: previous and next sibling by @TilakMaddy in #291
• Docs: Email added to contributing doc by @alexroan in #303
• Detector improvement: Reduce false positives in unsafe ERC721 mint by @alexroan in #304
• Kill nyth by @alexroan in #307
• Detector templates by @alexroan in #308
• Kill Reusable Detectors by @alexroan in #309
• Kill criticals by @alexroan in #311

Release Notes

• Fail aderyn on forge build --ast failure
• get_next_sibling and get_previous_sibling
• Reduce false positives in Unsafe ERC20 mint detector
• Kill nyth
• Kill ReusableDetectors
• Kill Critical severity
• Detector templates in each severity folder

Full Changelog: v0.0.19...v0.0.20

v0.0.19

What's Changed

• v0.0.18 Staging by @alexroan in #236
• Broken history by @alexroan in #276
• Bump version to v0.0.19 by @alexroan in #278
• Accommodate for non default FOUNDRY_PROFILE by @TilakMaddy in #270
• Detector fix/enhancement : Do not catch internal functions used only once that start with _ by @TilakMaddy in #268
• New Detector: Unprotected initialize function by @TilakMaddy in #257
• Browser module for sort_by_line_nos() for an array of ASTNodes + (Hidden Test Fix) by @TilakMaddy in #279
• New detector: Inconsistent type names detector by @TilakMaddy in #258
• Debt: Clean foundry environment by @alexroan in #288
• Enhancement/renaming thread by @TilakMaddy in #289

Release Notes:

• Reduce the amount of Rust code required for AST traversal abstractions (extractor patter, parent(), etc)
• Alter Nyth init flow to build --ast
• Accommodate for non-default FOUNDRY_PROFILE
• sort_by_src_position - with a vector of nodes, this sorts them by their position in the code (useful for things like CEI pattern)
• Rename parents references to ancestors
• Detectors:
  • NEW:
    • Unprotected initialize functions
    • Inconsistent unit(256) and int(256) type declarations within a contract
  • FIX: Internal functions used only once now ignores functions with underscore prefixes

Full Changelog: v0.0.18...v0.0.19

v0.0.18

What's Changed

• v0.0.17 Staging by @alexroan in #226
• Feature/docker by @lukapodlesnik in #233
• Feature/ Implementation of Node interface for ASTNode unlocks the whole Extraction Library by @TilakMaddy in #237
• Detector improvements: centralization & Zero address by @alexroan in #239
• bump version by @alexroan in #240
• New Detector: Modifiers used only once can be shoe-horned into the function itself by @TilakMaddy in #218
• Multiple detector improvements by @alexroan in #244
• Cross compilation in CI by @alexroan in #245
• Speed up cli/reportgen.sh by 10x by @TilakMaddy in #246
• Utility function - immediate children on any Node (or) ASTNode by @TilakMaddy in #247
• Allow to find relative location between ASTNodes (appears_after and appears_before) by @TilakMaddy in #248
• New Detector: Empty blocks of code should be removed by @TilakMaddy in #217
• Chore: Master merge by @alexroan in #251
• Fix for override specifier propagation in modifier by @TilakMaddy in #250

New Contributors

• @lukapodlesnik made their first contribution in #233

Full Changelog:

• Dockerfile
• DevEx improvements:
  • Node interface for ASTNode enabling more abstractions for the Extractor library
  • Extract immediate children from Node or ASTNode
  • appears_before and appears_after in the source code for AST nodes.
  • reportgen speedup
• Detector improvements:
  • #234
  • #235
  • #241
  • #242
  • #243
• New Detectors:
  • NC: modifiers used only once can be inlined
  • NC: Empty code blocks
• CI: Cross-compilation

v0.0.17

• Fixes:
  • Parent corruption in identifiers.
  • CLOC panic when an empty solidity file is input.
• Remove aderyn_nodejs until a better solution is found.
• Output to stdout with --stdout arg. (useful for toolchains)
• ASTNode abstractions:
  • capture! allows for abstracted ASTNode types to be passed in as well as specific node types - Makes capturing cleaner.
  • x.closest_parent_of_type(context, NodeType::Block) where x can be an ASTNode type instead of a specific type.
• New Detectors:
  • NC: Internal functions used only once could be inlined
  • NC: Large literals should be replaced with scientific notation

v0.0.16

• Changed BTreeMap structure to include the exact source location as well as contract path and line number.
• Print the exact src location in the json output for tool usage
• Improvements to the Constants instead of Literals detector
• id() method for AST Nodes
• nyth accepts same flags as aderyn
• AST traversal:
  • .parent() accessor
  • GetParent replaced with new "closest parent of type X"
  • Full parent chain retrieval
• ADERYN_CLOC_SKIP=1 flag to skip line counting
• Better framework error message

v0.0.15

• Detectors run in parallel.
• Readme files in each major crate.
• FunctionCallOptions extractor.
• Nyth - errors when init run on an existing folder.
• Revamped parent node retrieval.
• Alter foundry driver to account for Foundry removing AST from the output by default

v0.0.14

• NEW: judgeops - a tool for judging the effectiveness of detectors
• Fix: Handle instances in Foundry where two contracts are in different directories but have the same name. (fixes #169 )
• Tech Debt: Naming fixes to delineate between Issue and Reusable Detectors
• Reintroduce getters in WorkspaceContext

v0.0.13

aderyn:

• FIX: Windows contract path issue (#153 )
• DevEx:
  • More readable detector imports.
  • Name change: ContextLoader -> WorkspaceContext.
• New Features:
  • aderyn.config.json.
  • default ROOT option is now ., so aderyn can be run by itself without args.
  • Detectors are split into two types: IssueDetectors and ReusableDetectors.

nyth:

• FIX: Extractors now available in nyth projects.
• Commands:
  • nyth init to create a new nyth bot
  • nyth new <DETECTOR_TYPE> <DETECTOR_NAME> to create a detector.
    • DETECTOR_TYPE options: issue and reusable
    • DETECTOR_NAME no longer needs the path, it only needs the name.
    • This command must be run from inside the bot now.

v0.0.12

Fixes:

• Length of a TypeName can be any Expression - fixing #104
• Line number issues - fixing #118

New Features:

• capture macro to make detectors more readable
• Ability to run external detectors
• Detector development framework (nyth)

v0.0.11

• UX Features:
  • --no-snippets flag to prevent code snippets being printed in the report.
  • --scope option to only include paths that contain any of the input strings.
  • --exclude option to exclude paths that contain any of the input strings.
  • Remove different_storage_conditionals detector due to non-determinism.
• DevEx Features:
  • Extractor Pattern - Enable detectors to extract any node type at any depth from a node. For example, extract all VariableDeclarations inside a ContractDefinition. This will extract every instance of VariableDefinition, whether defined as state variables, local function variables, parameter definitions, and in any other location.
  • GetParent Pattern - Enables detectors to find the parent SourceUnit, ContractDefinition, FunctionDefinition and ModifierDefinition of any node. This makes traversing up the tree possible (albeit not as feature-complete as the Extractor pattern.
  • capture macro reduces the cognitive load to writing detectors by providing a simple issue-capturing function.
• Bug Fixes:
  • AST TypeName length can be an Expression.
  • Incorrect line numbers and snippets when non-ASCII chars are present in the source file.