Invalid State Manipulation
What it detects
The detector inspects state transitions to catch unauthorized writes or skipped checks that corrupt contract invariants. This includes changing ownership without verification or directly writing to sensitive storage slots.
Typical symptoms
- Critical variables modified by anyone
- Missing onlyOwner or role checks around updates
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract Vault {
    address public owner;

    // Deliberately vulnerable: external and unguarded
    function setOwner(address newOwner) external {
        // No permission checks: any caller can replace the owner
        owner = newOwner;
    }
}
Why it matters on EVM
Manipulating state without proper validation can lead to full takeover or irreversible corruption of contract data.