Static Analysis
Threat Detection
Using the detectors provided by Slither, Herbicide detects threats within the hook. The following detectors are executed automatically, and their findings are reported as warnings.
- Detection of the reentrancy bug. Does not report reentrancies that do not involve Ether (see reentrancy-no-eth).
Informational Gathering
Using Slither printers, Herbicide displays critical information regarding the access control of the contract. The following printers are executed automatically to extract and display it:
Prints the require statements in each function.
Prints the modifiers applied to each function.
State variables and authentication: prints the require statements on msg.sender in the functions that write state variables.
Contract Information
info-variable: Prints the state variables and the functions that use them.
info-inline-access-control: Checks the require, assert and revert conditions.
info-inheritance: Prints the contract's inheritance information.
info-library: Prints the contract's usage of libraries.
Semgrep-Solidity + Python
In the Simple Contract Analyzer, users can input a contract and receive key information processed according to Semgrep rules predefined by Herbicide. This lets users easily review details about the functions and storage variables declared in
Threat Detection
info-layer2-assignee: Checks whether storage is re-used while the hook is double-initialized.
low-call: Checks whether the hook makes a low-level call to other addresses.
getSlot0-check: Checks whether the hook calls the getSlot0 function. This is dangerous if the hook operates as an oracle and returns the getSlot0 value as the price of the pool, because that value is the pool's current spot price and can be moved within a single transaction.
missing-token-transfer-while-burnt: Checks whether the hook fails to transfer the underlying token when the token is burnt.
missing-onlyPoolManager-modifier: Checks whether the onlyPoolManager modifier is missing from the hook functions.
misconfigured-hook: Checks whether a hook function is not implemented while the corresponding flag returned by getHookPermissions is true.
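As an added illustration of the last two rules (misconfigured-hook and missing-onlyPoolManager-modifier), the Python below implements both checks with regular expressions over a constructed sample hook. It is not Herbicide's code or its Semgrep rules, which match on the Solidity AST rather than on text. It assumes that the hook overrides the external callbacks directly (as in BaseHook versions where the callbacks are external virtual) and that the flag names in getHookPermissions follow Uniswap v4's Hooks.Permissions struct; the sample contract, the PERMISSION_TO_CALLBACK table and the helper names are all constructed for this example.

```python
import re

# Assumption (not from the page): flag names follow Uniswap v4's
# Hooks.Permissions struct, and the *ReturnDelta flags are served by the
# corresponding swap/liquidity callback.
CALLBACKS = ("beforeInitialize", "afterInitialize", "beforeAddLiquidity",
             "afterAddLiquidity", "beforeRemoveLiquidity", "afterRemoveLiquidity",
             "beforeSwap", "afterSwap", "beforeDonate", "afterDonate")
PERMISSION_TO_CALLBACK = {name: name for name in CALLBACKS}
PERMISSION_TO_CALLBACK.update({
    "beforeSwapReturnDelta": "beforeSwap", "afterSwapReturnDelta": "afterSwap",
    "afterAddLiquidityReturnDelta": "afterAddLiquidity",
    "afterRemoveLiquidityReturnDelta": "afterRemoveLiquidity",
})

# Matches "function name(params) <visibility modifiers returns(...)> {" or ";".
# Group 3 is the header text after the parameter list, where modifiers live.
FUNCTION_HEADER = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)[{;]")


def _function_body(src, name):
    """Return the text between the braces of function `name`, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\(", src)
    if not m:
        return None
    start = src.find("{", m.end())
    if start < 0:
        return None
    depth = 0
    for i in range(start, len(src)):  # brace counting handles nested "({...})"
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    return None


def hook_permissions(src):
    """Parse getHookPermissions() into {flag: bool}; empty if it is absent."""
    body = _function_body(src, "getHookPermissions")
    if body is None:
        return {}
    return {name: value == "true"
            for name, value in re.findall(r"(\w+)\s*:\s*(true|false)\b", body)}


def declared_functions(src):
    """Map each declared function name to the header text after its parameters."""
    return {m.group(1): m.group(3) for m in FUNCTION_HEADER.finditer(src)}


def check_misconfigured_hook(src):
    """Flags set to true whose callback is never implemented (misconfigured-hook)."""
    declared = declared_functions(src)
    return sorted(flag for flag, enabled in hook_permissions(src).items()
                  if enabled and flag in PERMISSION_TO_CALLBACK
                  and PERMISSION_TO_CALLBACK[flag] not in declared)


def check_missing_only_pool_manager(src):
    """Implemented callbacks without onlyPoolManager (missing-onlyPoolManager-modifier)."""
    return sorted(name for name, header in declared_functions(src).items()
                  if name in CALLBACKS and not re.search(r"\bonlyPoolManager\b", header))


# Constructed sample hook, not a real contract: beforeSwap lacks the modifier
# (anyone can call it), and afterSwap is enabled but never implemented.
SAMPLE_HOOK = """
contract SampleHook is BaseHook {
    function getHookPermissions() public pure override returns (Hooks.Permissions memory) {
        return Hooks.Permissions({
            beforeInitialize: false, afterInitialize: false,
            beforeAddLiquidity: true, afterAddLiquidity: false,
            beforeRemoveLiquidity: false, afterRemoveLiquidity: false,
            beforeSwap: true, afterSwap: true,
            beforeDonate: false, afterDonate: false,
            beforeSwapReturnDelta: false, afterSwapReturnDelta: false,
            afterAddLiquidityReturnDelta: false, afterRemoveLiquidityReturnDelta: false
        });
    }

    function beforeAddLiquidity(address, PoolKey calldata, IPoolManager.ModifyLiquidityParams calldata, bytes calldata)
        external override onlyPoolManager returns (bytes4)
    { return BaseHook.beforeAddLiquidity.selector; }

    function beforeSwap(address, PoolKey calldata, IPoolManager.SwapParams calldata, bytes calldata)
        external override returns (bytes4, BeforeSwapDelta, uint24)
    { return (BaseHook.beforeSwap.selector, BeforeSwapDeltaLibrary.ZERO_DELTA, 0); }
}
"""

if __name__ == "__main__":
    print("misconfigured-hook:", check_misconfigured_hook(SAMPLE_HOOK))
    print("missing-onlyPoolManager-modifier:", check_missing_only_pool_manager(SAMPLE_HOOK))
```

Running the file reports afterSwap for misconfigured-hook and beforeSwap for missing-onlyPoolManager-modifier. One caveat for a real rule: BaseHook versions that route the external callbacks through internal _beforeSwap-style functions already carry the modifier on the external wrapper, so the check has to inspect whichever function is externally reachable, otherwise it raises a false positive on the internal override.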