
Releases: Cyfrin/aderyn

v0.0.25

08 May 09:54
a33e7b8

What's Changed

Release Notes

  • Hackathon winning new detectors:
  • Improved devex comments on templates and capture macro usage
  • Fix LargeLiteralValueDetector: Handle Hex and underscores
  • Fix peek panics

New Contributors

Full Changelog: v0.0.24...v0.0.25

v0.0.24

26 Apr 10:02
4cb1d15

What's Changed

Release Notes

  • Reintroduce update checking but without using OpenSSL in the request crate
  • Slither acknowledgment in the Readme
  • New AST traversal abstractions: peek_over and peek_under
  • Update License to GNU GPL
  • https://docs.cyfrin.io/ added to readme
  • load_multiple_contracts test helper
  • New detector: low, reverts and requires inside loops

Full Changelog: v0.0.23...v0.0.24

v0.0.23

16 Apr 12:19
93a26a5

What's Changed

Full Changelog: v0.0.22...v0.0.23

v0.0.22

15 Apr 16:05
04ccf66

What's Changed

Release Notes

  • Benchmark aderyn and its detectors (not yet included in CI)
  • peek() lets detectors read the source code of an ASTNode and run string comparisons against it.
  • ENV vars moved into CLI args.
  • At the end of each run, check if there is a newer version of aderyn available.
  • Reclassify detectors to HIGH:
    • avoid_abi_encode_packed
    • unprotected_init_function

Full Changelog: v0.0.21...v0.0.22

v0.0.21

12 Apr 13:29
58782d0

What's Changed

Release Notes

  • Updates to Contributing and Issue guidelines
  • Reduce the number of severity categories to just two: High and Low
    • Highs represent things that should definitely be addressed
    • Lows represent nice-to-haves that are not mandatory

Full Changelog: v0.0.20...v0.0.21

v0.0.20

11 Apr 09:25
b9a388e

What's Changed

Release Notes

  • Fail aderyn on forge build --ast failure
  • get_next_sibling and get_previous_sibling
  • Reduce false positives in Unsafe ERC20 mint detector
  • Kill nyth
  • Kill ReusableDetectors
  • Kill Critical severity
  • Detector templates in each severity folder

Full Changelog: v0.0.19...v0.0.20

v0.0.19

08 Apr 11:10
fa46aa9

What's Changed

Release Notes:

  • Reduce the amount of Rust code required for AST traversal abstractions (extractor pattern, parent(), etc.)
  • Alter Nyth init flow to build --ast
  • Accommodate non-default FOUNDRY_PROFILE
  • sort_by_src_position - with a vector of nodes, this sorts them by their position in the code (useful for things like CEI pattern)
  • Rename parents references to ancestors
  • Detectors:
    • NEW:
      • Unprotected initialize functions
      • Inconsistent uint(256) and int(256) type declarations within a contract
    • FIX: "Internal functions used only once" now ignores functions with underscore prefixes

Full Changelog: v0.0.18...v0.0.19

v0.0.18

26 Mar 15:36
6cd7655

What's Changed

New Contributors

Full Changelog:

  • Dockerfile
  • DevEx improvements:
    • Node interface for ASTNode enabling more abstractions for the Extractor library
    • Extract immediate children from Node or ASTNode
    • appears_before and appears_after in the source code for AST nodes.
    • reportgen speedup
  • Detector improvements:
  • New Detectors:
    • NC: modifiers used only once can be inlined
    • NC: Empty code blocks
  • CI: Cross-compilation

v0.0.17

18 Mar 22:04
0344658
  • Fixes:
    • Parent corruption in identifiers.
    • CLOC panic when an empty solidity file is input.
  • Remove aderyn_nodejs until a better solution is found.
  • Output to stdout with --stdout arg. (useful for toolchains)
  • ASTNode abstractions:
    • capture! allows for abstracted ASTNode types to be passed in as well as specific node types - Makes capturing cleaner.
    • x.closest_parent_of_type(context, NodeType::Block) where x can be an ASTNode type instead of a specific type.
  • New Detectors:
    • NC: Internal functions used only once could be inlined
    • NC: Large literals should be replaced with scientific notation

v0.0.16

13 Mar 16:06
d487944
  • Changed BTreeMap structure to include the exact source location as well as contract path and line number.
  • Print the exact src location in the json output for tool usage
  • Improvements to the Constants instead of Literals detector
  • id() method for AST Nodes
  • nyth accepts same flags as aderyn
  • AST traversal:
    • .parent() accessor
    • GetParent replaced with new "closest parent of type X"
    • Full parent chain retrieval
  • ADERYN_CLOC_SKIP=1 flag to skip line counting
  • Better framework error message