Static Analysis

Threat Detection

Using the Detectors provided by Slither, it is possible to detect threats within the Hook. Herbicide automatically executes the following Detectors to find and warn about threats.

• encode-packed-collision

  • Detect collision due to dynamic type usages in abi.encodePacked

• shadowing-state

  • Detection of state variables shadowed.

• uninitialized-state

  • Uninitialized state variables.

• delegatecall-loop

  • Delegatecall to an address controlled by the user.

  • Detect the use of delegatecall inside a loop in a payable function.

• msg-value-loop

  • Detect the use of msg.value inside a loop.

• reentrancy-eth

  • Detection of the reentrancy bug. Do not report reentrancies that don't involve Ether (see,reentrancy-no-eth)

• unchecked-transfer

  • The return value of an external transfer/transferFrom call is not checked

• shadowing-abstract

  • Detection of state variables shadowed from abstract contracts.

• divide-before-multiply

  • Solidity's integer division truncates. Thus, performing division before multiplication can lead to precision loss.

Informational Gathering

Using the Slither-Printer, it displays critical information regarding the access control of the contract. In Herbicide, the Printer is automatically executed to extract and display.

• require statements

  • Prints require statements in the function.

• modifiers

  • Prints modify applied to the function.

• state variables and authentication

  • Prints require statements with msg.sender, in the function which writes state variables.

Contract Information

• info-variable

  • Prints state variables and the functions using them.

• info-inline-access-control

  • Checks require&assert&revert conditions.

• info-inheritance

  • Prints the contract's inheritance information.

• info-library

  • Prints the usage of libraries of the contract.

Semgrep-Solidity + Python

In the Simple Contract Analyzer, users can input contract to receive processed key information according to predefined Semgrep rules by Herbicide. This lets users easily review details about functions and storage variables declared in

Threat Detection

• info-layer2-assignee

  • Checks storage re-used while double-initializing the hook.

• low-call

  • Checks if the hook is low-calling to other addresses.

• getSlot0-check

  • Checks if the hook is calling getSlot0 function, as it is dangerous if the hook operates as an oracle, returning the getSlot0 value as the price of the pool.

• missing-token-transfer-while-burnt

  • Checks if the hook is not transfer the underlying token while the token is burnt.

• missing-onlyPoolManager-modifier

  • Checks if onlyPoolManager modifier is not applied to the hook functions.

• misconfigured-hook

  • Checks if the hook functions are not yet implemented, while the function flag of getHookPermissions returns true.