Control Flow & Misc | Bug Hunter

📄️ Attacker Controlled Delegatecall

Detects delegatecall targets that an attacker can influence.

Flags contracts that let arbitrary users trigger self-destruct.

Detects inheritance orders that override functions unintentionally.

Highlights any use of delegatecall for further review.

Detects patterns that let attackers block contract functionality.

Finds assignments that mistakenly modify memory rather than storage.

Detects send patterns affected by the 1/64th gas forwarding rule.

Finds keccak usage that concatenates variable-length fields unsafely.

Detects functions that use the wrong visibility specifier.

Alerts when keccak256 hashes memory regions of differing lengths.

Detects admin address validations that are missing or faulty.

Finds dangerous or unintended uses of the CREATE2 opcode.

Marks code that contradicts a formally specified property.

Detects vulnerable external calls that allow reentrant execution.

Flags contracts that execute or expose the selfdestruct opcode.

Highlights misspelled variable or function names in code.

Detects loops that may run indefinitely or exceed gas limits.

Finds external calls where the return value is ignored.

Detects external calls that are not gated by access controls.

Flags delegatecall usages that lack proper safeguards.

Warns about confusing Unicode characters that may obfuscate code.

Highlights contracts that include inline assembly blocks.

Detects input validation that fails to halt execution properly.

Miscellaneous and control flow related detectors.