v0.0.27

What's Changed

• Fix: Include low issues in sarif printer by @alexroan in #442
• Refactor auditor mode for ICF by @alexroan in #446
• Feature: Collapsible Markdown report instances by @alexroan in #448
• BASE BRANCH: Internal compilation framework by @alexroan in #333
• Bump version to 0.0.27 and update readme by @alexroan in #470
• Group ICF related args by @alexroan in #471
• Update foundry-compilers to cyfrin-foundry-compilers by @alexroan in #472
• Add foundry config version by @alexroan in #473
• Remove local foundry gitmodule by @alexroan in #474

Release Notes

• Fix: Include LOW issues in the SARIF report printer
• Refactor Auditor Mode to more easily integrate ICF
• Collapsible Markdown report instances
• Internal Compilation Framework beta!
  • Invoked with --icf option.
  • Once this has been battle tested and ironed out, ICF will replace the current workflow, and the --icf flag will be removed.

Full Changelog: v0.0.26...v0.0.27

v0.0.26

What's Changed

• Experimental: Auditor mode by @alexroan in #405
• Bump version to 0.0.26 by @alexroan in #409
• Optimize layout order detector by @TilakMaddy in #407
• Feature: Detector - Unsafe casting by @alexroan in #410
• remove debt from previous merge by @alexroan in #411
• Refactor/auditor mode (To be able to handle multiple contexts later) by @TilakMaddy in #419
• Feature: SARIF support by @alexroan in #412
• Remove Unused bot_reports by @alexroan in #435
• Remove judgeops by @alexroan in #436
• Tech debt: Reports folder by @alexroan in #437
• Debt: Remove layout order detector by @alexroan in #438

Release Notes:

• Experimental auditor mode
  • Instead of running issue detectors, it runs a separate set of auditor detectors that output tips like "Attack Surface" described in #349.
  • Invoked with --auditor-mode
• Detectors:
  • REMOVE: Wrong layout order detector
  • NEW: Unsafe Casting detector
• SARIF file output support
• Tech debt:
  • Remove judgeops
  • Cleanup stale bot_reports
  • Move test reports to a reports/ folder

Full Changelog: v0.0.25...v0.0.26

v0.0.25

What's Changed

• Devex: Template comments by @alexroan in #383
• bump version by @alexroan in #392
• Hackathon Winners PR by @alexroan in #388
• Cargo clippy lint update by @TilakMaddy in #395
• Fix LargeLiteralValueDetector: handle hex literals & underscore separators by @kevincharm in #396
• Fix: peek panics by @TilakMaddy in #371
• Fix unused error false positives by @alexroan in #398
• Cleaner driver by @alexroan in #403

Release Notes

• Hackathon winning new detectors:
  • #372 by @scab24
  • #374 by @malawadd
  • #385 by @gr4yha7
• Improved devex comments on templates and capture macro usage
• Fix LargeLiteralValueDetector: Handle Hex and underscores
• Fix peek panics

New Contributors

• @kevincharm made their first contribution in #396
• @scab24 made their first contribution in #372
• @malawadd made their first contribution in #374
• @gr4yha7 made their first contribution in #385

Full Changelog: v0.0.24...v0.0.25

v0.0.24

What's Changed

• Remove openssl dependency from reqwest crate by @TilakMaddy in #337
• bump version to v0.0.24 by @alexroan in #340
• CI Check Reports Debugging by @alexroan in #341
• Add slither acknowledgement by @PatrickAlphaC in #342
• New abstractions: peek_over and peek_under (essential for some detectors) by @TilakMaddy in #338
• Update LICENSE by @PatrickAlphaC in #344
• Updates readme with docs by @Eversmile12 in #347
• Update README.md by @Eversmile12 in #348
• Fix: Remove unused code - ResuableDetectorNamePool by @TilakMaddy in #356
• Non reentrant modifier name detection is more generalized by @TilakMaddy in #351
• Chore: Setting up hackathon demo by @alexroan in #357
• load_multiple_contracts test helper by @alexroan in #365
• New Detector: reverts and requires inside for loops / while loops by @TilakMaddy in #353
• Match readme wording to docs by @alexroan in #367

Release Notes

• Reintroduce update checking but without using OpenSSL in the request crate
• Slither acknowledgment in the Readme
• New AST traversal abstractions: peek_over and peek_under
• Update License to GNU GPL
• https://docs.cyfrin.io/ added to readme
• load_multiple_contracts test helper
• New detector: low, reverts and requires inside loops

Full Changelog: v0.0.23...v0.0.24

v0.0.23

What's Changed

• Remove openSSL dependency by @alexroan in #334
• Bump version v0.0.23 by @alexroan in #336

Full Changelog: v0.0.22...v0.0.23

v0.0.22

What's Changed

• Benchmarks for Aderyn and individual detectors by @TilakMaddy in #290
• Bump version by @alexroan in #329
• Feature peek into node to see the source code as string + TODO Detector by @TilakMaddy in #261
• Remove ENV vars in favour of CLI args by @alexroan in #330
• Notify aderyn users when a new version is released ! by @TilakMaddy in #263
• Reclassify detectors by @alexroan in #331

Release Notes

• Benchmark aderyn and its detectors (not yet included in CI)
• peek() enables detectors to look at the source code of the ASTNode, to run string comparisons against.
• ENV vars moved into CLI args.
• At the end of each run, check if there is a newer version of aderyn available.
• Reclassify detectors to HIGH:
  • avoid_abi_envode_packed
  • unprotected_init_function

Full Changelog: v0.0.21...v0.0.22

v0.0.21

What's Changed

• Staging v0.0.19 by @alexroan in #277
• v0.0.20 Staging by @alexroan in #295
• Merge pull request #295 from Cyfrin/dev by @alexroan in #312
• Update issue templates by @Eversmile12 in #317
• Update CONTRIBUTING.md by @Eversmile12 in #315
• Update CONTRIBUTING.md by @Eversmile12 in #322
• Bump version to 0.0.21 by @alexroan in #323
• Reduce number of severity categories to just High and Low by @alexroan in #324
• small template fixes by @alexroan in #325

Release Notes

• Updates to Contributing and Issue guidelines
• Reduce the number of severity categories to just two: High and Low
  • Highs represent things that should definitely addressed
  • Low represent nice to haves, but not mandatory

Full Changelog: v0.0.20...v0.0.21

v0.0.20

What's Changed

• Bump version to v0.0.20 by @alexroan in #294
• Fix/forge not installed in ci by @TilakMaddy in #292
• New browser module: previous and next sibling by @TilakMaddy in #291
• Docs: Email added to contributing doc by @alexroan in #303
• Detector improvement: Reduce false positives in unsafe ERC721 mint by @alexroan in #304
• Kill nyth by @alexroan in #307
• Detector templates by @alexroan in #308
• Kill Reusable Detectors by @alexroan in #309
• Kill criticals by @alexroan in #311

Release Notes

• Fail aderyn on forge build --ast failure
• get_next_sibling and get_previous_sibling
• Reduce false positives in Unsafe ERC20 mint detector
• Kill nyth
• Kill ReusableDetectors
• Kill Critical severity
• Detector templates in each severity folder

Full Changelog: v0.0.19...v0.0.20

v0.0.19

What's Changed

• v0.0.18 Staging by @alexroan in #236
• Broken history by @alexroan in #276
• Bump version to v0.0.19 by @alexroan in #278
• Accommodate for non default FOUNDRY_PROFILE by @TilakMaddy in #270
• Detector fix/enhancement : Do not catch internal functions used only once that start with _ by @TilakMaddy in #268
• New Detector: Unprotected initialize function by @TilakMaddy in #257
• Browser module for sort_by_line_nos() for an array of ASTNodes + (Hidden Test Fix) by @TilakMaddy in #279
• New detector: Inconsistent type names detector by @TilakMaddy in #258
• Debt: Clean foundry environment by @alexroan in #288
• Enhancement/renaming thread by @TilakMaddy in #289

Release Notes:

• Reduce the amount of Rust code required for AST traversal abstractions (extractor patter, parent(), etc)
• Alter Nyth init flow to build --ast
• Accommodate for non-default FOUNDRY_PROFILE
• sort_by_src_position - with a vector of nodes, this sorts them by their position in the code (useful for things like CEI pattern)
• Rename parents references to ancestors
• Detectors:
  • NEW:
    • Unprotected initialize functions
    • Inconsistent unit(256) and int(256) type declarations within a contract
  • FIX: Internal functions used only once now ignores functions with underscore prefixes

Full Changelog: v0.0.18...v0.0.19

v0.0.18

What's Changed

• v0.0.17 Staging by @alexroan in #226
• Feature/docker by @lukapodlesnik in #233
• Feature/ Implementation of Node interface for ASTNode unlocks the whole Extraction Library by @TilakMaddy in #237
• Detector improvements: centralization & Zero address by @alexroan in #239
• bump version by @alexroan in #240
• New Detector: Modifiers used only once can be shoe-horned into the function itself by @TilakMaddy in #218
• Multiple detector improvements by @alexroan in #244
• Cross compilation in CI by @alexroan in #245
• Speed up cli/reportgen.sh by 10x by @TilakMaddy in #246
• Utility function - immediate children on any Node (or) ASTNode by @TilakMaddy in #247
• Allow to find relative location between ASTNodes (appears_after and appears_before) by @TilakMaddy in #248
• New Detector: Empty blocks of code should be removed by @TilakMaddy in #217
• Chore: Master merge by @alexroan in #251
• Fix for override specifier propagation in modifier by @TilakMaddy in #250

New Contributors

• @lukapodlesnik made their first contribution in #233

Full Changelog:

• Dockerfile
• DevEx improvements:
  • Node interface for ASTNode enabling more abstractions for the Extractor library
  • Extract immediate children from Node or ASTNode
  • appears_before and appears_after in the source code for AST nodes.
  • reportgen speedup
• Detector improvements:
  • #234
  • #235
  • #241
  • #242
  • #243
• New Detectors:
  • NC: modifiers used only once can be inlined
  • NC: Empty code blocks
• CI: Cross-compilation