Detector ideas

[0xGeorgii]

Function Contract can panic

Detect panic!, unwrap, and expect calls inside all contract functions (directly or indirectly). We need it to ensure a developer does not explicitly interrupt execution with panics => interrupts a caller call.
Inspired by: scout

Storage key is accepted as a function parameter

A user should not be able to set an arbitrary named storage slot location.
Inspired by: scout

Default struct is returned

If in a function, a default struct is created without mut and then returned from the function with unwrap_or or with return or without being changed.

https://docs.rs/soroban-sdk/latest/soroban_sdk/token/trait.TokenInterface.html#tymethod.transfer
We can check if someone calls a transfer with the unsigned amount or by using cast.

Extend ttl with max_ttl

A TTL extension should be calculated, but not just set as maximum.

See Soroban SDK docs:

• https://docs.rs/soroban-sdk/latest/soroban_sdk/storage/struct.Storage.html#method.max_ttl
• https://docs.rs/soroban-sdk/latest/soroban_sdk/deploy/struct.Deployer.html#method.extend_ttl

Using temporary storage value as a condition

If there is a env::storage::temporary::has call used as a condition, it can be an error.

---

• Contract can panic Contract can panic detector #9
• Storage key is accepted as a function parameter Use storage key from function parameter detector #10
• Default struct is returned Return default struct detector #11
• Extend ttl with max_ttl Extend TTL with max_ttl detector #12
• Using a temporary storage value as a condition Function using a temporary storage value as a condition detector #13