Class EnsurePrgSeed

A detector that identifies all calls to nativeRandom and nativeRandomInterval without a preceding PRG seed initialization.

Why is it bad?

Using nativeRandom or nativeRandomInterval without first initializing the PRG seed via nativePrepareRandom, nativeRandomize, or nativeRandomizeLt may lead to unintended behavior or weak random number generation. This detector ensures that PRG seed initialization is always performed before any use of random functions, enhancing contract security.

Example

// Bad: `nativeRandom` is used without prior PRG seed initialization
fun generateRandomValue(): Int {
  return nativeRandom()
}

Use instead:

fun test(): Int {
  nativePrepareRandom();
}

// OK: PRG has been initialized somewhere in the contract
fun generateRandomValue(): Int {
  return nativeRandom()
}

Hierarchy (view full)

ASTDetector
- EnsurePrgSeed

Index

Constructors

constructor

new EnsurePrgSeed(ctx): EnsurePrgSeed
Parameters
- ctx: MistiContext
Returns EnsurePrgSeed
Inherited from ASTDetector.constructor
- Defined in src/detectors/detector.ts:36

Properties

`Readonly`ctx

ctx: MistiContext

severity

severity: Severity = Severity.MEDIUM

Gets the severity of the detector.

Accessors

id

get id(): string
Gets the short identifier of the detector, used in analyzer warnings.

Returns string
The unique identifier of the detector.
Inherited from ASTDetector.id
- Defined in src/detectors/detector.ts:42

kind

get kind(): DetectorKind
Gets the kind of the detector.

Returns DetectorKind
Inherited from ASTDetector.kind
- Defined in src/detectors/detector.ts:118

shareImportedWarnings

get shareImportedWarnings(): WarningsBehavior
Defines the behavior of warnings generated by this detector when working with multiple projects within a single Tact configuration.

Here are the available options:
1. "union" Leave this value if you don't care about warnings generated in other projects.
2. "intersect" If the warning is generated for some source location of the imported file, it should be generated by each of the projects. Example: Constants from an imported file should not be reported iff they are unused in all the projects, so you need "intersect".
Returns WarningsBehavior
Inherited from ASTDetector.shareImportedWarnings
- Defined in src/detectors/detector.ts:69

usesSouffle

get usesSouffle(): boolean
Checks whether this detector needs the Soufflé binary to be executed.

Returns boolean
Inherited from ASTDetector.usesSouffle
- Defined in src/detectors/detector.ts:76

Methods

check

check(cu): Promise<MistiTactWarning[]>
Executes the detector's logic to check for issues within the provided compilation unit.
Parameters
- cu: CompilationUnit
  The compilation unit to be analyzed.
Returns Promise<MistiTactWarning[]>
List of warnings has highlighted by this detector.
Overrides ASTDetector.check
- Defined in src/detectors/builtin/ensurePrgSeed.ts:40

`Protected`makeWarning

makeWarning(description, loc, data?): MistiTactWarning
A wrapper method that creates Misti warnings with additional context about the detector generated it.
Parameters
- description: string
- loc: SrcInfo
- data: Partial<{
  extraDescription: string;
  suggestion: string;
  }> = {}
Returns MistiTactWarning
Inherited from ASTDetector.makeWarning
- Defined in src/detectors/detector.ts:99

`Protected`skipUnused

skipUnused(name): boolean
Returns true if the identifier with the given name should not be reported by unused variables detectors.
Parameters
- name: string
Returns boolean
Inherited from ASTDetector.skipUnused
- Defined in src/detectors/detector.ts:91

Class EnsurePrgSeed

Why is it bad?

Example

Hierarchy (view full)

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns EnsurePrgSeed

Properties

`Readonly`ctx

severity

Accessors

id

Returns string

kind

Returns DetectorKind

shareImportedWarnings

Returns WarningsBehavior

usesSouffle

Returns boolean

Methods

check

Parameters

Returns Promise<MistiTactWarning[]>

`Protected`makeWarning

Parameters

Returns MistiTactWarning

`Protected`skipUnused

Parameters

Returns boolean

Settings

On This Page

Class EnsurePrgSeed

Why is it bad?

Example

Hierarchy (view full)

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns EnsurePrgSeed

Properties

Readonlyctx

severity

Accessors

id

Returns string

kind

Returns DetectorKind

shareImportedWarnings

Returns WarningsBehavior

usesSouffle

Returns boolean

Methods

check

Parameters

Returns Promise<MistiTactWarning[]>

ProtectedmakeWarning

Parameters

Returns MistiTactWarning

ProtectedskipUnused

Parameters

Returns boolean

Settings

On This Page

`Readonly`ctx

`Protected`makeWarning

`Protected`skipUnused