List of Supported Detectors
Complete list of Aderyn's 90+ security detectors
Aderyn CLI and Aderyn VS Code extension share the same list of supported detectors.
High-severity detectors

| Name | Description |
|---|---|
| hash-collision-due-to-abi-encode-packed | abi.encodePacked() should not be used with dynamic types when passing the result to a hash function such as keccak256() |
| arbitrary-transfer-from | Arbitrary from passed to transferFrom (or safeTransferFrom) |
| unprotected-initializer | Unprotected initializer |
| unsafe-casting-detector | Unsafe Casting |
| enumerable-loop-removal | EnumerableSet.remove in loop corrupts the set order |
| experimental-encoder | Experimental ABI Encoder |
| incorrect-shift-order | Incorrect Assembly Shift Parameter Order |
| storage-array-edit-with-memory | Storage Array Edited with Memory |
| multiple-constructors | Contract Has Multiple Constructors |
| reused-contract-name | Contract Name Reused in Different Files |
| nested-struct-in-mapping | Nested Structs in Mappings pre-0.5.0 |
| selfdestruct-identifier | Deprecated EVM Instruction for selfdestruct should not be used |
| dynamic-array-length-assignment | Array length value has a direct assignment |
| incorrect-caret-operator | Incorrect use of caret operator on a non-hexadecimal constant |
| yul-return | Shadowed State Variables in Inheritance Hierarchy |
| state-variable-shadowing | Shadowed State Variables in Inheritance Hierarchy |
| unchecked-send | Unchecked bool success value for send call |
| misused-boolean | Misused boolean with logical operators |
| sends-ether-away-without-checking-address | Functions send ETH away from the contract but perform no checks on any address |
| delegate-call-on-unchecked-address | Delegatecall made by the function without checks on any address |
| tautological-compare | Tautological comparison |
| rtlo | RTLO character detected in file |
| dangerous-unary-operator | Dangerous unary operator found in assignment |
| tautology-or-contradiction | Tautology or Contradiction in comparison |
| strict-equality-check-on-contract-balance | Dangerous strict equality checks on contract balances |
| signed-storage-array | Signed array in storage detected for compiler version <0.5.10 |
| weak-randomness | Weak Randomness |
| pre-declared-local-variable-usage | Usage of variable before declaration |
| delete-nested-mapping | Deletion from a nested mapping |
| tx-origin-used-for-auth | Potential use of tx.origin for authentication |
| msg-value-in-loop | Loop contains msg.value |
| contract-locks-ether | Contract locks Ether without a withdraw function |
| incorrect-erc721-interface | Incorrect ERC721 interface |
| incorrect-erc20-interface | Incorrect ERC20 interface |
| out-of-order-retryable | Out of order retryable transactions |
| constant-function-changing-state | Constant functions changing state |
| function-selector-collision | Function selector collides with other functions |
| unchecked-low-level-call | Unchecked low-level calls |

Low-severity detectors

| Name | Description |
|---|---|
| delegate-call-in-loop | Using delegatecall in loop may consume excessive gas |
| centralization-risk | Centralization Risk for trusted owners |
| solmate-safe-transfer-lib | Solmate's SafeTransferLib does not check for token contract's existence |
| raw-ecrecover | ecrecover is susceptible to signature malleability |
| deprecated-oz-functions | Deprecated OpenZeppelin functions should not be used |
| unsafe-erc20-functions | Unsafe ERC20 Operations should not be used |
| unspecific-solidity-pragma | Solidity pragma should be specific, not wide |
| no-zero-address-check | Missing checks for address(0) when assigning values to address state variables |
| useless-public-function | public functions not used internally could be marked external |
| literal-instead-of-constant | Define and use constant variables instead of using literals |
| require-without-string | Empty require() / revert() statements |
| non-reentrant-is-not-before-others | The nonReentrant modifier should occur before all other modifiers |
| block-timestamp-is-weak-deadline | Using block.timestamp for swap deadline offers no protection |
| unsafe-oz-erc721-mint | Using ERC721::_mint() can be dangerous |
| push-zero-opcode | PUSH0 is not supported by all chains |
| useless-modifier | Modifiers invoked only once can be shoe-horned into the function |
| empty-block | Empty Block |
| large-numeric-literal | Large literal values that are multiples of 10000 can be replaced with scientific notation |
| useless-internal-function | Internal functions called only once can be inlined |
| contract-with-todos | Contract still has TODOs |
| inconsistent-type-names | Inconsistent declaration of uint256/uint or int256/int variables within a contract. Use explicit size declarations (uint256 or int256) |
| useless-error | Unused Custom Error |
| reverts-and-requires-in-loops | Loop contains require/revert statements |
| division-before-multiplication | Incorrect Order of Division and Multiplication |
| redundant-statements | Redundant statements have no effect |
| public-variable-read-in-external-context | Public variables of a contract read in an external context (using this) |
| unused-state-variable | Potentially unused private / internal state variables found |
| constant-functions-assembly | Functions declared pure / view but contain assembly |
| redundant-boolean-equality | Boolean equality is not required |
| local-variable-shadowing | Local variable shadows state variables in the contract hierarchy |
| uninitialized-local-variable | Uninitialized local variables |
| return-bomb | Return Bomb |
| function-initializing-state | Function initializing state |
| dead-code | Dead Code |
| array-length-not-cached | Loop condition contains state_variable.length that could be cached outside the loop |
| state-change-in-assert | Incorrect use of assert() |
| costly-operations-inside-loops | Costly operations inside loops |
| builtin-symbol-shadow | Builtin Symbol Shadowing |
| void-constructor | Void constructor |
| missing-inheritance | Potentially missing inheritance for contract |
| unused-import | Unused Imports |
| function-pointer-in-constructor | Function pointers used in constructors |
| state-variable-could-be-constant | State variable could be declared constant |
| state-variable-changes-without-events | State variable changes but no event is emitted |
| state-variable-could-be-immutable | State variable could be declared immutable |
| multiple-placeholders | Modifier has multiple placeholders |
| unchecked-return | Return value of the function call is not checked |