Bad Randomness
Detects contracts that rely on insecure or predictable sources of randomness.
Block Attributes Misuse
Detects reliance on block.timestamp, block.number, or other attributes in ways that break assumptions.
Blockhash Dependence
Detects contracts that rely on `blockhash` for randomness or critical control flow.
Improper/Missing L2 Sequencer Check
Detects contracts that rely on optimistic rollup sequencers without verifying their up-time or status.
Improper Use of Oracle Heartbeats
Detects heartbeats that are ignored or misconfigured, allowing stale oracle data to persist.
Incorrect Nonce Update (Signature Replay Attack)
Detects when nonces or sequence numbers are not updated properly, enabling signature reuse.
Invalid State Manipulation
Detects unauthorized or illogical changes to contract storage that break invariants.
Missing/Improper Check on Oracle Data
Detects when oracle results are used without validating their authenticity or range.
Stale Oracle
Detects reliance on outdated oracle data that may no longer reflect current market conditions.
Stale Price Risk
Detects when protocols rely on price data that may become outdated and lead to incorrect decisions.
Timestamp Dependence
Detects reliance on `block.timestamp` for critical logic that miners can manipulate within a short range.
Tx Origin
Detects any use of `tx.origin` in authorization or decision-making logic.
Uninitialized Storage Vulnerabilities
Detects storage pointers that are not properly initialized, leading to clobbered state.
Unsafe Use of Tx Origin
Detects authorization logic that relies on `tx.origin`, exposing the contract to phishing attacks.
Oracle & State
This section groups detectors that monitor how contracts interact with oracles and maintain state assumptions. Issues here often arise from stale data, incorrect sequencing, or misuse of block attributes.