Releases: Cyfrin/aderyn
v0.0.25
What's Changed
- Devex: Template comments by @alexroan in #383
- bump version by @alexroan in #392
- Hackathon Winners PR by @alexroan in #388
- Cargo clippy lint update by @TilakMaddy in #395
- Fix LargeLiteralValueDetector: handle hex literals & underscore separators by @kevincharm in #396
- Fix: peek panics by @TilakMaddy in #371
- Fix unused error false positives by @alexroan in #398
- Cleaner driver by @alexroan in #403
Release Notes
- Hackathon winning new detectors:
- Improved devex comments on templates and `capture` macro usage
- Fix LargeLiteralValueDetector: Handle Hex and underscores
- Fix `peek` panics
New Contributors
- @kevincharm made their first contribution in #396
- @scab24 made their first contribution in #372
- @malawadd made their first contribution in #374
- @gr4yha7 made their first contribution in #385
Full Changelog: v0.0.24...v0.0.25
v0.0.24
What's Changed
- Remove openssl dependency from `reqwest` crate by @TilakMaddy in #337
- bump version to v0.0.24 by @alexroan in #340
- CI Check Reports Debugging by @alexroan in #341
- Add slither acknowledgement by @PatrickAlphaC in #342
- New abstractions: `peek_over` and `peek_under` (essential for some detectors) by @TilakMaddy in #338
- Update LICENSE by @PatrickAlphaC in #344
- Updates readme with docs by @Eversmile12 in #347
- Update README.md by @Eversmile12 in #348
- Fix: Remove unused code - `ResuableDetectorNamePool` by @TilakMaddy in #356
- Non reentrant modifier name detection is more generalized by @TilakMaddy in #351
- Chore: Setting up hackathon demo by @alexroan in #357
- `load_multiple_contracts` test helper by @alexroan in #365
- New Detector: reverts and requires inside for loops / while loops by @TilakMaddy in #353
- Match readme wording to docs by @alexroan in #367
Release Notes
- Reintroduce update checking but without using OpenSSL in the request crate
- Slither acknowledgment in the Readme
- New AST traversal abstractions: `peek_over` and `peek_under`
- Update License to GNU GPL
- https://docs.cyfrin.io/ added to readme
- `load_multiple_contracts` test helper
- New detector: low, reverts and requires inside loops
Full Changelog: v0.0.23...v0.0.24
v0.0.23
v0.0.22
What's Changed
- Benchmarks for Aderyn and individual detectors by @TilakMaddy in #290
- Bump version by @alexroan in #329
- Feature `peek` into node to see the source code as string + `TODO` Detector by @TilakMaddy in #261
- Remove ENV vars in favour of CLI args by @alexroan in #330
- Notify aderyn users when a new version is released ! by @TilakMaddy in #263
- Reclassify detectors by @alexroan in #331
Release Notes
- Benchmark aderyn and its detectors (not yet included in CI)
- `peek()` enables detectors to look at the source code of the ASTNode, to run string comparisons against.
- ENV vars moved into CLI args.
- At the end of each run, check if there is a newer version of `aderyn` available.
- Reclassify detectors to HIGH:
  - `avoid_abi_envode_packed`
  - `unprotected_init_function`
Full Changelog: v0.0.21...v0.0.22
v0.0.21
What's Changed
- Staging v0.0.19 by @alexroan in #277
- v0.0.20 Staging by @alexroan in #295
- Merge pull request #295 from Cyfrin/dev by @alexroan in #312
- Update issue templates by @Eversmile12 in #317
- Update CONTRIBUTING.md by @Eversmile12 in #315
- Update CONTRIBUTING.md by @Eversmile12 in #322
- Bump version to 0.0.21 by @alexroan in #323
- Reduce number of severity categories to just High and Low by @alexroan in #324
- small template fixes by @alexroan in #325
Release Notes
- Updates to Contributing and Issue guidelines
- Reduce the number of severity categories to just two: High and Low
  - Highs represent things that should definitely be addressed
  - Lows represent nice-to-haves, but not mandatory
Full Changelog: v0.0.20...v0.0.21
v0.0.20
What's Changed
- Bump version to v0.0.20 by @alexroan in #294
- Fix/forge not installed in ci by @TilakMaddy in #292
- New browser module: previous and next sibling by @TilakMaddy in #291
- Docs: Email added to contributing doc by @alexroan in #303
- Detector improvement: Reduce false positives in unsafe ERC721 mint by @alexroan in #304
- Kill nyth by @alexroan in #307
- Detector templates by @alexroan in #308
- Kill Reusable Detectors by @alexroan in #309
- Kill criticals by @alexroan in #311
Release Notes
- Fail `aderyn` on `forge build --ast` failure
- `get_next_sibling` and `get_previous_sibling`
- Reduce false positives in Unsafe ERC20 mint detector
- Kill `nyth`
- Kill `ReusableDetectors`
- Kill `Critical` severity
- Detector templates in each severity folder
Full Changelog: v0.0.19...v0.0.20
v0.0.19
What's Changed
- v0.0.18 Staging by @alexroan in #236
- Broken history by @alexroan in #276
- Bump version to v0.0.19 by @alexroan in #278
- Accommodate for non default `FOUNDRY_PROFILE` by @TilakMaddy in #270
- Detector fix/enhancement: Do not catch internal functions used only once that start with `_` by @TilakMaddy in #268
- New Detector: Unprotected initialize function by @TilakMaddy in #257
- Browser module for `sort_by_line_nos()` for an array of `ASTNode`s + (Hidden Test Fix) by @TilakMaddy in #279
- New detector: Inconsistent type names detector by @TilakMaddy in #258
- Debt: Clean foundry environment by @alexroan in #288
- Enhancement/renaming thread by @TilakMaddy in #289
Release Notes:
- Reduce the amount of Rust code required for AST traversal abstractions (extractor pattern, `parent()`, etc)
- Alter Nyth init flow to build --ast
- Accommodate for non-default FOUNDRY_PROFILE
- `sort_by_src_position` - with a vector of nodes, this sorts them by their position in the code (useful for things like CEI pattern)
- Rename `parents` references to `ancestors`
- Detectors:
- NEW:
- Unprotected initialize functions
- Inconsistent uint(256) and int(256) type declarations within a contract
- FIX: Internal functions used only once now ignores functions with underscore prefixes
- NEW:
Full Changelog: v0.0.18...v0.0.19
v0.0.18
What's Changed
- v0.0.17 Staging by @alexroan in #226
- Feature/docker by @lukapodlesnik in #233
- Feature/ Implementation of `Node` interface for `ASTNode` unlocks the whole Extraction Library by @TilakMaddy in #237
- Detector improvements: centralization & Zero address by @alexroan in #239
- bump version by @alexroan in #240
- New Detector: Modifiers used only once can be shoe-horned into the function itself by @TilakMaddy in #218
- Multiple detector improvements by @alexroan in #244
- Cross compilation in CI by @alexroan in #245
- Speed up cli/reportgen.sh by 10x by @TilakMaddy in #246
- Utility function - immediate children on any Node (or) ASTNode by @TilakMaddy in #247
- Allow to find relative location between ASTNodes (`appears_after` and `appears_before`) by @TilakMaddy in #248
- New Detector: Empty blocks of code should be removed by @TilakMaddy in #217
- Chore: Master merge by @alexroan in #251
- Fix for override specifier propagation in modifier by @TilakMaddy in #250
New Contributors
- @lukapodlesnik made their first contribution in #233
Full Changelog:
- Dockerfile
- DevEx improvements:
- `Node` interface for `ASTNode` enabling more abstractions for the Extractor library
- Extract immediate children from `Node` or `ASTNode`
- `appears_before` and `appears_after` in the source code for AST nodes.
- reportgen speedup
- Detector improvements:
- New Detectors:
- NC: modifiers used only once can be inlined
- NC: Empty code blocks
- CI: Cross-compilation
v0.0.17
- Fixes:
- Parent corruption in identifiers.
- CLOC panic when an empty solidity file is input.
- Remove aderyn_nodejs until a better solution is found.
- Output to stdout with `--stdout` arg. (useful for toolchains)
- `ASTNode` abstractions:
- `capture!` allows for abstracted `ASTNode` types to be passed in as well as specific node types - Makes capturing cleaner.
- `x.closest_parent_of_type(context, NodeType::Block)` where `x` can be an ASTNode type instead of a specific type.
- New Detectors:
- NC: Internal functions used only once could be inlined
- NC: Large literals should be replaced with scientific notation
v0.0.16
- Changed BTreeMap structure to include the exact source location as well as contract path and line number.
- Print the exact src location in the json output for tool usage
- Improvements to the Constants instead of Literals detector
- `id()` method for AST Nodes
- `nyth` accepts same flags as `aderyn`
- AST traversal:
- `.parent()` accessor
- `GetParent` replaced with new "closest parent of type X"
- Full parent chain retrieval
- `ADERYN_CLOC_SKIP=1` flag to skip line counting
- Better framework error message