A detector that analyzes loop conditions and control flow to ensure loops have proper termination criteria.

An unbounded loop can be problematic for several reasons:

  • Unexpected Behavior: Without a defined termination, loops can lead to unpredictable contract behavior and make debugging difficult.
  • Out-of-gas Attacks: Continuous looping without termination can lead to out-of-gas attacks.
  • DoS Attacks: Malicious actors can exploit unbounded loops to create denial-of-service attacks, impacting the contract's availability.

let x: Int = 10;
while (x > 0) {
  // Bad: x is never changed inside the loop
  send(SendParameters{ to: sender(), ... });
}

Use instead:

let x: Int = 10;
while (x > 0) {
  send(SendParameters{ to: sender(), ... });
  x = x - 1;
}
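
The check described above, reduced to its core idea as an added example (not Misti's own code): it assumes a hypothetical mini-AST (`Expr`, `Stmt`) and flags a `while` loop when none of the variables read by its condition is assigned in its body.

```typescript
// Added illustration over a constructed mini-AST; not Misti's IR or detector code.
type Expr =
  | { kind: "id"; name: string }
  | { kind: "num"; value: number }
  | { kind: "bin"; op: string; left: Expr; right: Expr };
type Stmt =
  | { kind: "assign"; target: string; value: Expr }
  | { kind: "call"; name: string }
  | { kind: "if"; cond: Expr; then: Stmt[]; otherwise: Stmt[] }
  | { kind: "while"; cond: Expr; body: Stmt[] };

// Variable names read by an expression.
function idsIn(e: Expr): string[] {
  if (e.kind === "id") return [e.name];
  if (e.kind === "bin") return idsIn(e.left).concat(idsIn(e.right));
  return [];
}

// Variable names assigned anywhere in a block, nested blocks included.
function assignedIn(stmts: Stmt[]): string[] {
  let out: string[] = [];
  for (const s of stmts) {
    if (s.kind === "assign") out.push(s.target);
    else if (s.kind === "if") out = out.concat(assignedIn(s.then), assignedIn(s.otherwise));
    else if (s.kind === "while") out = out.concat(assignedIn(s.body));
  }
  return out;
}

// One warning per while loop whose condition variables are never assigned in its body.
function findUnboundLoops(stmts: Stmt[]): string[] {
  let warnings: string[] = [];
  for (const s of stmts) {
    if (s.kind === "if") warnings = warnings.concat(findUnboundLoops(s.then), findUnboundLoops(s.otherwise));
    if (s.kind !== "while") continue;
    const vars = idsIn(s.cond);
    const written = assignedIn(s.body);
    if (vars.length > 0 && vars.every((v) => written.indexOf(v) < 0))
      warnings.push("loop condition variables never modified: " + vars.join(", "));
    warnings = warnings.concat(findUnboundLoops(s.body));
  }
  return warnings;
}

// Constructed inputs mirroring the two Tact snippets above.
const cond: Expr = { kind: "bin", op: ">", left: { kind: "id", name: "x" }, right: { kind: "num", value: 0 } };
const dec: Expr = { kind: "bin", op: "-", left: { kind: "id", name: "x" }, right: { kind: "num", value: 1 } };
const bad: Stmt[] = [{ kind: "while", cond, body: [{ kind: "call", name: "send" }] }];
const good: Stmt[] = [{ kind: "while", cond, body: [{ kind: "call", name: "send" }, { kind: "assign", target: "x", value: dec }] }];
```

This is a purely syntactic check: an assignment such as `x = x` satisfies it, and a condition with no variables is not reported, so a clean result does not prove that the loop terminates.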

Properties

severity: Severity = Severity.HIGH

Gets the severity of the detector.

Accessors

  • get id(): string

    Gets the short identifier of the detector, used in analyzer warnings.

    Returns string

    The unique identifier of the detector.

  • get shareImportedWarnings(): WarningsBehavior

    Defines the behavior of warnings generated by this detector when working with multiple projects within a single Tact configuration.

    Here are the available options:

    1. "union": Leave this value if you don't care about warnings generated in other projects.
    2. "intersect": If the warning is generated for some source location of the imported file, it should be generated by each of the projects. Example: Constants from an imported file should not be reported iff they are unused in all the projects, so you need "intersect".

    Returns WarningsBehavior

  • get usesSouffle(): boolean

    Checks whether this detector needs the Soufflé binary to be executed.

    Returns boolean

Methods

  • Creates a Soufflé context with a unique name.

    Parameters

    • cu: CompilationUnit
    • docstring: undefined | string | string[] = ...

      A comment introduced on the top of the generated program if ctx.config.souffleVerbose is set.

      It should be used to avoid name clashes in the Soufflé directory when working with multiple projects.

    Returns SouffleContext<SrcInfo>