Releases: Cyfrin/aderyn
Release v0.3.3
Features
- Implement init with an optional path to create `aderyn.toml` (shoutout to @mgiagante, #762)
Fixes
- Account for revert statements not just revert functions in require/revert in loop detector
- Catch only ERC20 functions when reporting unsafe transfer
Modifications
- Lower the severity of UncheckedReturn detector
- Lower the severity of block.timestamp in deadline detector
- Lower the severity of delegate call in loop detector
- Arbitrary transfer from has a new strategy
Removed
- Uninitialized state variable detector
Funding
- Create `funding.json` for gitcoin
Release v0.3.2
What's Changed
- Shorten names (Start of 0.3.2) by @TilakMaddy in #759
- Bump version to 0.3.2 by @TilakMaddy in #760
Full Changelog: v0.3.1...v0.3.2
Release v0.3.1
NOTE: This binary will still display 0.3.0 when `aderyn --version` is run instead of 0.3.1; that was a deployment mistake from me (@TilakMaddy). Apologies for the inconvenience.
What's Changed
- Allow for `sendValue` on address to be recognized as a withdraw function by @TilakMaddy in #748
- Relax fixed pragma constraints on library contract files by @TilakMaddy in #740
- Fix: Allow aderyn to exit without crashing if update-check fails by @TilakMaddy in #753
- Rename `ConstantsInsteadOfLiterals` detector to better suit `//aderyn-ignore-(..)` by @TilakMaddy in #737
- Fixed minor typo by @Ritik-Agarwal50 in #741
- Refactor More Detector Names to suit `//aderyn-ignore..` pattern by @TilakMaddy in #739
- Low Detector: State variable could be marked immutable + Inter Context Merge Strategy by @TilakMaddy in #734
- standardize rust formatting with `rustfmt.toml` by @TilakMaddy in #755
- feat: Add refactor commit to blame-ignore-revs by @TilakMaddy in #756
New Contributors
- @Ritik-Agarwal50 made their first contribution in #741
Full Changelog: v0.3.0...v0.3.1
Release v0.3.0
Changelog
- Introduction of LSP Server (Beta): `--lsp`
  - This replaces `--watch` mode.
- New detectors:
  - LOW: State changed but no event emitted
  - LOW: Multiple placeholders in modifier
- Unchecked block support
- Expression Statements as first class nodes
- `make help` and `make pr` to aid contributor devex flow
- ASCII art on `cyfrinup` installation
- Panic handler
- `aderyn init` for creating `aderyn.toml` files
What's Changed
- Bump quinn-proto from 0.11.3 to 0.11.8 by @dependabot in #711
- LSP integration by @TilakMaddy in #710
- State variables manipulated but no event emitted by @TilakMaddy in #714
- Fix: Brings support for skipped `unchecked` solidity blocks by @TilakMaddy in #723
- Added [BETA] output to LSP flag by @alexroan in #728
- Remove watch mode remnants by @alexroan in #731
- Fix: Treat `Expression Statement` as a first class Node by @TilakMaddy in #724
- Skip serializing `src_char2` in JSON report by @TilakMaddy in #730
- Fix: visit unchecked block by @TilakMaddy in #733
- imp: `make help`, `make pr`, `gitattributes` by @TilakMaddy in #716
- (Enhancement) Add AsciiArt Install Banner by @xyizko in #718
- imp: Panic handler for aderyn by @TilakMaddy in #719
- Feat: aderyn init by @TilakMaddy in #722
- Low detector: Multiple placeholders in modifier by @TilakMaddy in #726
- Bump version to 0.3.0 by @alexroan in #743
New Contributors
Full Changelog: v0.2.0...v0.3.0
Release v0.2.0
What's Changed
- Fix helper func - check for "value" as a name in function options by @TilakMaddy in #695
- Feature: Set default source to `contracts/` for hardhat projects by @TilakMaddy in #705
- Feature: Add hints per instance found by @TilakMaddy in #650
- Features: Aderyn Ignore Custom detectors by @TilakMaddy in #704
- Detector: Uninitialized local variables (Already reviewed before) by @TilakMaddy in #671
- Detector: Dead code (Very simple logic) by @TilakMaddy in #673
- Detector: Function Pointers in constructors by @TilakMaddy in #693
- Detector: Unchecked low level calls by @TilakMaddy in #694
- Improvement: delegate-call in loop uses Callgraph by @TilakMaddy in #692
- Detector: State variable that could be declared constant by @TilakMaddy in #672
- Detector: Void constructor (ALT. Solution) by @TilakMaddy in #674
- Bump version to 0.2.0 by @alexroan in #708
- Fix: Don't report issues with no instances (after aderyn ignore was introduced) by @TilakMaddy in #681
- Detector: Unused Imports by @TilakMaddy in #700
- Detector: Local variable shadowing (Attempt 2) - Already reviewed before by @TilakMaddy in #683
- Detector: Missing Inheritance by @TilakMaddy in #701
- Fix: Send Ether No Checks (Change satisfaction condition from `msg.sender` to any address) by @TilakMaddy in #703
Full Changelog: v0.1.11...v0.2.0
Release v0.1.11
Changelog
- New Detectors:
- HIGH: Incorrect ERC20 interface
- HIGH: Out of order L1->L2 retryable transactions
- HIGH: Incorrect ERC721 interface
- HIGH: Constant function changing state
- HIGH: Function signature collision
- LOW: State variable initialized in a function
- LOW: Builtin symbol shadowing
- LOW: Costly operations within loops
- LOW: State change inside assert
- LOW: Cache array length
- Python bindings
- DevEx: Refactor callgraph naming and file structure
What's Changed
- Detector: Incorrect ERC20 interface by @TilakMaddy in #654
- Detector: State variable initialized by function by @TilakMaddy in #659
- Detector: Out of Order Retryable by @TilakMaddy in #660
- Feat: add python binding by @programskillforverification in #640
- Detector: Incorrect ERC721 contract by @TilakMaddy in #655
- Detector: Builtin Symbol Shadow by @TilakMaddy in #665
- Refactor Callgraph by @alexroan in #669
- Detector: Constant Function changing state by @TilakMaddy in #661
- Detector: Costly operations with loops by @TilakMaddy in #662
- Detector: Assert state change by @TilakMaddy in #663
- Detector: Cache array length by @TilakMaddy in #664
- Remove `investigator` keyword for `callgraph` by @alexroan in #679
- Detector: Function signature collision by @TilakMaddy in #670
- Bump version 0.1.11 by @alexroan in #680
New Contributors
- @programskillforverification made their first contribution in #640
Full Changelog: v0.1.10...v0.1.11
Release v0.1.10
Changelog
- Fix AST Nodes to account for `None` return parameters when returning from a modifier.
- Detectors:
  - LOW: Unused private/internal state variables
  - LOW: Return bomb
What's Changed
- Detector: Unused `private`/`internal` state variables by @TilakMaddy in #643
- Fix AST Node - Account for returns in a modifier (To be included in aderyn V0.1.9) by @TilakMaddy in #644
- Bump version to 0.1.10 by @alexroan in #656
- Detector: Return bomb by @TilakMaddy in #645
- Detector: Uninitialized local variables by @TilakMaddy in #646
- Revert "Detector: Uninitialized local variables" by @alexroan in #658
Full Changelog: v0.1.9...v0.1.10
Release v0.1.9
Release Notes
New Detectors:
- HIGH: Unchecked `send` return value
- HIGH: Storage Signed Integer Array
- HIGH: Strict ETH balance equality
- HIGH: Tautology or Contradiction
- HIGH: Contract that locks ETH
- HIGH: msg.value used inside a loop
- HIGH: Bad use of tx.origin
- LOW: Boolean equality
- LOW: State variable read in an external context
- LOW: Redundant statements
- LOW: Constant functions contain assembly
Fixes:
- State variable shadowing - title and description fix
- Upgrade check checks github releases instead of cargo releases
What's Changed
- Detector: Unchecked `send()` on address by @TilakMaddy in #611
- Detector: Public variable read in an external context by @TilakMaddy in #619
- Detector Redundant statements by @TilakMaddy in #621
- Detector: Storage signed integer array by @TilakMaddy in #624
- Detector: Strict Equality Check on Contracts' balances by @TilakMaddy in #625
- Detector: Tautology or contradiction by @TilakMaddy in #623
- Fix title & desc - state variable shadowing by @TilakMaddy in #629
- Detector: Contract that locks ether by @TilakMaddy in #630
- Fix: `load_solidity_with_source_unit` should load callgraphs by default by @TilakMaddy in #637
- Detector: `msg.value` used in loop by @TilakMaddy in #636
- Detector: Bad use of `tx.origin` by @TilakMaddy in #642
- Check Github releases for upgraded version, instead of crates.io by @alexroan in #647
- Detector: Boolean equality by @TilakMaddy in #633
- Detector: constant functions contains assembly by @TilakMaddy in #641
- Bump version to 0.1.9 by @alexroan in #652
Full Changelog: v0.1.8...v0.1.9
Release v0.1.8
Changelog
Aderyn passed 50 detectors! 🥳 5️⃣ 0️⃣ ➕
- New detectors:
- HIGH: Uninitialized state variables consumed
- HIGH: Dangerous Unary Operator
- HIGH: Unchecked return value
- HIGH: Right to left special character used
- HIGH: Tautological conditional
- HIGH: Misused Boolean
- HIGH: Functions sending ETH without msg.sender checks
- HIGH: Delegatecall to an unprotected address
- HIGH: Deletion of nested mapping
- HIGH: Usage of pre-declared local variables
- HIGH: Weak Randomness (First contribution from @DavidDrob !! 🥳 👏 )
- Optimize release binary for speed
- Callgraph preprocessing allowing for detectors to search upstream and downstream callgraph <3
What's Changed
- New Detector: (Low) Uninitialized state vars consumed by @TilakMaddy in #591
- Detector: Dangerous Unary operator by @TilakMaddy in #613
- Detector: Unchecked return value by @TilakMaddy in #612
- Detector: RTLO by @TilakMaddy in #610
- Detector: Tautology by @TilakMaddy in #609
- Release binary optimized for speed by @TilakMaddy in #615
- Global pre-processing for leveraging callgraphs by @TilakMaddy in #605
- Detector: Misused boolean by @TilakMaddy in #607
- Detector: Deletion of nested mapping by @TilakMaddy in #616
- Bump version 0.1.8 by @alexroan in #626
- Remove templegold from CI report checks by @alexroan in #627
- Detector: Usage of pre-declared variables. by @TilakMaddy in #617
- Detector: Weak Randomness by @DavidDrob in #618
New Contributors
- @DavidDrob made their first contribution in #618
Full Changelog: v0.1.7...v0.1.8
Release v0.1.7
reportgen