Attacker Balance Gain
Detects scenarios where an attacker can increase their balance by exploiting faulty accounting logic.
Detects delegatecall targets that an attacker can influence.
Flags contracts that let arbitrary users trigger self-destruct.
Detects contracts that rely on insecure or predictable sources of randomness.
Detects reliance on block.timestamp, block.number, or other attributes in ways that break assumptions.
Detects contracts that rely on `blockhash` for randomness or critical control flow.
Detects inheritance orders that override functions unintentionally.
Highlights any use of delegatecall for further review.
Detects patterns that let attackers block contract functionality.
Detects calculations that divide values before multiplying, leading to precision loss.
Finds assignments that mistakenly modify memory rather than storage.
Detects unintentional loss of ether or tokens from a contract due to logic mistakes.
Detects missing or incorrect balance validations before performing value transfers.
Detects send patterns affected by the 1/64th gas forwarding rule.
Finds keccak usage that concatenates variable-length fields unsafely.
Detects heartbeats that are ignored or misconfigured, allowing stale oracle data to persist.
Detects contracts that rely on optimistic rollup sequencers without verifying their up-time or status.
Detects errors in transfer formulas that credit or debit the wrong amount of tokens.
Detects functions that use the wrong visibility specifier.
Detects when nonces or sequence numbers are not updated properly, enabling signature reuse.
Detects functions marked payable that should not accept ether or tokens.
Detects arithmetic that exceeds the maximum value of an unsigned integer and wraps around.
Detects arithmetic operations that wrap around due to exceeding uint256 limits.
Detects subtraction that goes below zero and wraps to a large value.
Detects unauthorized or illogical changes to contract storage that break invariants.
Alerts when keccak256 hashes memory regions of differing lengths.
Detects admin address validations that are missing or faulty.
Detects when oracle results are used without validating their authenticity or range.
Finds dangerous or unintended uses of the CREATE2 opcode.
Marks code that contradicts a formally specified property.
Detects vulnerable external calls that allow reentrant execution.
Detects loss of precision when performing integer division or modulus operations in Solidity.
Flags contracts that execute or expose the selfdestruct opcode.
Detects token swaps or sales without a working slippage protection parameter.
Detects reliance on outdated oracle data that may no longer reflect current market conditions.
Detects when protocols rely on price data that may become outdated and lead to incorrect decisions.
Detects reliance on `block.timestamp` for critical logic that miners can manipulate within a short range.
Detects operations that accidentally burn or lock tokens beyond recovery.
Detects lending protocols that return collateral without burning representative tokens, inflating supply.
Detects any use of `tx.origin` in authorization or decision making logic.
Highlights misspelled variable or function names in code.
Detects loops that may run indefinitely or exceed gas limits.
Detects use of the `unchecked` keyword that disables overflow and underflow protections.
Finds external calls where the return value is ignored.
Detects storage pointers that are not properly initialized, leading to clobbered state.
Detects external calls that are not gated by access controls.
Flags delegatecall usages that lack proper safeguards.
Warns about confusing Unicode characters that may obfuscate code.
Detects authorization logic that relies on `tx.origin`, exposing the contract to phishing attacks.
Highlights contracts that include inline assembly blocks.
Detects input validation that fails to halt execution properly.