From 55a98c28e9d73c602ca0e888e8083482c9832c3f Mon Sep 17 00:00:00 2001 From: Georgii Plotnikov Date: Tue, 3 Jun 2025 15:23:02 +0900 Subject: [PATCH] Use storage key from function parameter detector --- ...se-storage-key-from-function-parameter.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 detectors/metadata/use-storage-key-from-function-parameter.yml diff --git a/detectors/metadata/use-storage-key-from-function-parameter.yml b/detectors/metadata/use-storage-key-from-function-parameter.yml new file mode 100644 index 0000000..83e5e4e --- /dev/null +++ b/detectors/metadata/use-storage-key-from-function-parameter.yml 
@@ -0,0 +1,19 @@ +metadata: + id: use-storage-key-from-function-parameter + uid: y7XzWq + description: Detects smart contracts that use a storage key derived from a function parameter, which can lead to unexpected behavior and security vulnerabilities. It is crucial to ensure that storage keys are derived from secure and predictable sources. + report: + severity: high + tags: + - audit + - reportable + template: + title: Storage Key Derived from Function Parameter Detected + opening: Smart contracts should avoid using storage keys derived from function parameters, as this can lead to unexpected behavior and potential security vulnerabilities. Storage keys should be derived from secure and predictable sources to ensure the integrity of the contract's state. + body-single-file-single-instance: In `$file_name`, the function `$FUNCTION_NAME` in contract `$CONTRACT_NAME` uses a storage key derived from a function parameter. + body-single-file-multiple-instance: In `$file_name`, multiple functions use storage keys derived from function parameters. + body-multiple-file-multiple-instance: Across $total_files files, multiple functions use storage keys derived from function parameters. + body-list-item-intro: 'The following functions were found using storage keys derived from function parameters:' + body-list-item-single-file: '- Function `$FUNCTION_NAME` in Contract `$CONTRACT_NAME` in [`$file_name`]($instance_line_link)' + body-list-item-multiple-file: '- Function `$FUNCTION_NAME` in Contract `$CONTRACT_NAME` in [`$file_name`]($instance_line_link)' + closing: To ensure proper functionality and usability, avoid using storage keys derived from function parameters. Review the identified functions and refactor the code to derive storage keys from secure and predictable sources. \ No newline at end of file
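Review bot: The `closing` line of the template is inconsistent with the rest of the hunk: it motivates the refactor with "To ensure proper functionality and usability" while `severity: high`, the `audit`/`reportable` tags and the `opening` all present this as a security finding about the integrity of contract state; reword it to match, e.g. `closing: To protect the integrity of the contract's state, avoid using storage keys derived from function parameters. Review the identified functions ...`. The `description` would also be more actionable if it named the concrete failure mode the detector is looking for (what a caller who controls the key can reach or overwrite) rather than the generic "unexpected behavior and security vulnerabilities", and the phrase "secure and predictable sources" reads vaguely for a storage key; say what a safe derivation looks like. Two smaller points: `body-list-item-multiple-file` is byte-for-byte identical to `body-list-item-single-file`, so confirm that is intended and not a copy-paste leftover, and the file is missing a trailing newline (`\ No newline at end of file`).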