Class SuspiciousMessageMode

Detects suspicious usage of the mode field in SendParameters struct instances.

Why is it bad?

Incorrect usage of the mode field in SendParameters can lead to unintended behavior when sending messages, such as incorrect flags being set, which can cause security vulnerabilities or unexpected contract behavior.

What it checks:

Ensures that the mode expression only uses the bitwise OR operator |.
Warns if integer literals are used instead of symbolic constants.
Warns if the same flag is used multiple times in the mode expression.

Example

// Suspicious usage:
send(SendParameters{
    to: recipient,
    value: amount,
    mode: SendRemainingBalance | SendRemainingBalance // Bad: Duplicate flag
});

// Correct usage:
send(SendParameters{
    to: recipient,
    value: amount,
    mode: SendRemainingBalance | SendDestroyIfZero // Ok
});

Hierarchy (view full)

ASTDetector
- SuspiciousMessageMode

Index

Constructors

constructor

new SuspiciousMessageMode(ctx): SuspiciousMessageMode
Parameters
- ctx: MistiContext
Returns SuspiciousMessageMode
Inherited from ASTDetector.constructor
- Defined in src/detectors/detector.ts:36

Properties

`Readonly`ctx

ctx: MistiContext

severity

severity: Severity = Severity.MEDIUM

Gets the severity of the detector.

Accessors

id

get id(): string
Gets the short identifier of the detector, used in analyzer warnings.

Returns string
The unique identifier of the detector.
Inherited from ASTDetector.id
- Defined in src/detectors/detector.ts:42

kind

get kind(): DetectorKind
Gets the kind of the detector.

Returns DetectorKind
Inherited from ASTDetector.kind
- Defined in src/detectors/detector.ts:118

shareImportedWarnings

get shareImportedWarnings(): WarningsBehavior
Defines the behavior of warnings generated by this detector when working with multiple projects within a single Tact configuration.

Here are the available options:
1. "union" Leave this value if you don't care about warnings generated in other projects.
2. "intersect" If the warning is generated for some source location of the imported file, it should be generated by each of the projects. Example: Constants from an imported file should not be reported iff they are unused in all the projects, so you need "intersect".
Returns WarningsBehavior
Inherited from ASTDetector.shareImportedWarnings
- Defined in src/detectors/detector.ts:69

usesSouffle

get usesSouffle(): boolean
Checks whether this detector needs the Soufflé binary to be executed.

Returns boolean
Inherited from ASTDetector.usesSouffle
- Defined in src/detectors/detector.ts:76

Methods

check

check(cu): Promise<MistiTactWarning[]>
Executes the detector's logic to check for issues within the provided compilation unit.
Parameters
- cu: CompilationUnit
  The compilation unit to be analyzed.
Returns Promise<MistiTactWarning[]>
List of warnings has highlighted by this detector.
Overrides ASTDetector.check
- Defined in src/detectors/builtin/suspiciousMessageMode.ts:45

`Protected`makeWarning

makeWarning(description, loc, data?): MistiTactWarning
A wrapper method that creates Misti warnings with additional context about the detector generated it.
Parameters
- description: string
- loc: SrcInfo
- data: Partial<{
  extraDescription: string;
  suggestion: string;
  }> = {}
Returns MistiTactWarning
Inherited from ASTDetector.makeWarning
- Defined in src/detectors/detector.ts:99

`Protected`skipUnused

skipUnused(name): boolean
Returns true if the identifier with the given name should not be reported by unused variables detectors.
Parameters
- name: string
Returns boolean
Inherited from ASTDetector.skipUnused
- Defined in src/detectors/detector.ts:91

Class SuspiciousMessageMode

Why is it bad?

Example

Hierarchy (view full)

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns SuspiciousMessageMode

Properties

`Readonly`ctx

severity

Accessors

id

Returns string

kind

Returns DetectorKind

shareImportedWarnings

Returns WarningsBehavior

usesSouffle

Returns boolean

Methods

check

Parameters

Returns Promise<MistiTactWarning[]>

`Protected`makeWarning

Parameters

Returns MistiTactWarning

`Protected`skipUnused

Parameters

Returns boolean

Settings

On This Page

Class SuspiciousMessageMode

Why is it bad?

Example

Hierarchy (view full)

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns SuspiciousMessageMode

Properties

Readonlyctx

severity

Accessors

id

Returns string

kind

Returns DetectorKind

shareImportedWarnings

Returns WarningsBehavior

usesSouffle

Returns boolean

Methods

check

Parameters

Returns Promise<MistiTactWarning[]>

ProtectedmakeWarning

Parameters

Returns MistiTactWarning

ProtectedskipUnused

Parameters

Returns boolean

Settings

On This Page

`Readonly`ctx

`Protected`makeWarning

`Protected`skipUnused