Validation Check Does Not Fall Through
What it detects
Sometimes a require statement or validation check is present but placed incorrectly, allowing execution to continue even when the condition fails. This detector finds logic that performs a check yet doesn't stop or revert on failure.
Typical symptoms
- if statements that only emit events on invalid input
- Reverts missing after failing a validation
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract Validate {
    function doThing(uint256 amount) external {
        if (amount == 0) {
            emit Invalid();
            // Execution continues without revert
        }
        // ... continue processing
    }

    event Invalid();
}
Why it matters on EVM
Improper validation flow can let attackers bypass security checks, leading to incorrect state changes or fund transfers.
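The flagged pattern next to two corrected forms, as an added example that is not part of the original page or the detector's own code. The contract name, the `credited` mapping, the `InvalidAmount` error and the `Processed` event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example. All names except doThing and Invalid are hypothetical.
contract ValidateFixed {
    error InvalidAmount();
    event Invalid();
    event Processed(address indexed caller, uint256 amount);

    // Stand-in for the "continue processing" step of the snippet above.
    mapping(address => uint256) public credited;

    // Flagged form: the check runs and logs, then control falls through,
    // so the state change below executes for the rejected input too.
    function doThingUnchecked(uint256 amount) external {
        if (amount == 0) {
            emit Invalid();
        }
        credited[msg.sender] += amount;
        emit Processed(msg.sender, amount);
    }

    // Corrected form 1: a failing check reverts before any state is touched.
    // A revert also discards logs, so Invalid cannot be emitted on this path;
    // the custom error carries the reason instead.
    function doThing(uint256 amount) external {
        if (amount == 0) revert InvalidAmount();
        credited[msg.sender] += amount;
        emit Processed(msg.sender, amount);
    }

    // Corrected form 2: when the Invalid event must be recorded on-chain,
    // stop with an explicit return so nothing after the check runs.
    // Callers have to inspect the returned flag.
    function doThingSoft(uint256 amount) external returns (bool ok) {
        if (amount == 0) {
            emit Invalid();
            return false;
        }
        credited[msg.sender] += amount;
        emit Processed(msg.sender, amount);
        return true;
    }
}
```

When reviewing a finding from this detector, confirm that every branch taken on a failed check ends in `revert`, `require` or `return` before the first state write or external call.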