Class ZeroAddress

A detector that identifies uses of the zero address.

Why is it bad?

Using the zero address in smart contracts is typically problematic because it can be exploited as a default or uninitialized address, leading to unintended transfers and security vulnerabilities. Additionally, operations involving the zero address can result in loss of funds or tokens, as there is no private key to access this address.

Example

contract Proxy {
  to: Address;
  init() {
    // Warning: Insecure usage of zero address as default value
    self.to = newAddress(0, 0);
  }
  fun setAddress(to: Address) {
    self.to = to
  }
}

Use instead:

contract Proxy {
  to: Address;
  init(to: Address) {
    // Fixed: Using the input value on initialization.
    self.to = to;
  }
  fun setAddress(to: Address) {
    self.to = to
  }
}

Hierarchy (view full)

ASTDetector
- ZeroAddress

Index

Constructors

constructor

new ZeroAddress(ctx): ZeroAddress
Parameters
- ctx: MistiContext
Returns ZeroAddress
Inherited from ASTDetector.constructor
- Defined in detectors/detector.ts:22

Properties

`Readonly`ctx

ctx: MistiContext

Accessors

id

get id(): string
Gets the short identifier of the detector, used in analyzer warnings.

Returns string
The unique identifier of the detector.
Inherited from ASTDetector.id
- Defined in detectors/detector.ts:28

kind

get kind(): DetectorKind
Gets the kind of the detector.

Returns DetectorKind
Inherited from ASTDetector.kind
- Defined in detectors/detector.ts:107

shareImportedWarnings

get shareImportedWarnings(): WarningsBehavior
Defines the behavior of warnings generated by this detector when working with multiple projects within a single Tact configuration.

Here are the available options:
1. "union" Leave this value if you don't care about warnings generated in other projects.
2. "intersect" If the warning is generated for some source location of the imported file, it should be generated by each of the projects. Example: Constants from an imported file should not be reported iff they are unused in all the projects, so you need "intersect".
Returns WarningsBehavior
Inherited from ASTDetector.shareImportedWarnings
- Defined in detectors/detector.ts:50

usesSouffle

get usesSouffle(): boolean
Checks whether this detector needs the Soufflé binary to be executed.

Returns boolean
Inherited from ASTDetector.usesSouffle
- Defined in detectors/detector.ts:57

Methods

check

check(cu): Promise<MistiTactWarning[]>
Executes the detector's logic to check for issues within the provided compilation unit.
Parameters
- cu: CompilationUnit
  The compilation unit to be analyzed.
Returns Promise<MistiTactWarning[]>
List of warnings has highlighted by this detector.
Overrides ASTDetector.check
- Defined in detectors/builtin/zeroAddress.ts:45

`Protected`makeWarning

makeWarning(description, severity, loc, data?): MistiTactWarning
A wrapper method that creates Misti warnings with additional context about the detector generated it.
Parameters
- description: string
- severity: Severity
- loc: SrcInfo
- data: Partial<{
  extraDescription: string;
  suggestion: string;
  }> = {}
Returns MistiTactWarning
Inherited from ASTDetector.makeWarning
- Defined in detectors/detector.ts:80

`Protected`skipUnused

skipUnused(name): boolean
Returns true if the identifier with the given name should not be reported by unused variables detectors.
Parameters
- name: string
Returns boolean
Inherited from ASTDetector.skipUnused
- Defined in detectors/detector.ts:72

Class ZeroAddress

Why is it bad?

Example

Hierarchy (view full)

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns ZeroAddress

Properties

`Readonly`ctx

Accessors

id

Returns string

kind

Returns DetectorKind

shareImportedWarnings

Returns WarningsBehavior

usesSouffle

Returns boolean

Methods

check

Parameters

Returns Promise<MistiTactWarning[]>

`Protected`makeWarning

Parameters

Returns MistiTactWarning

`Protected`skipUnused

Parameters

Returns boolean

Settings

On This Page

Class ZeroAddress

Why is it bad?

Example

Hierarchy (view full)

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns ZeroAddress

Properties

Readonlyctx

Accessors

id

Returns string

kind

Returns DetectorKind

shareImportedWarnings

Returns WarningsBehavior

usesSouffle

Returns boolean

Methods

check

Parameters

Returns Promise<MistiTactWarning[]>

ProtectedmakeWarning

Parameters

Returns MistiTactWarning

ProtectedskipUnused

Parameters

Returns boolean

Settings

On This Page

`Readonly`ctx

`Protected`makeWarning

`Protected`skipUnused