Cyfrin · alexroan · Dec 12, 2024 · Jan 13, 2025 · Jan 13, 2025 · Jan 13, 2025
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install stable toolchain
         uses: actions-rs/toolchain@v1
@@ -77,7 +77,7 @@ jobs:
         uses: foundry-rs/[email protected]
 
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install stable toolchain
         uses: actions-rs/toolchain@v1
@@ -95,14 +95,14 @@ jobs:
         run: |
           git submodule update --init --recursive
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: 'npm'
 
-      - uses: pnpm/action-setup@v3
+      - uses: pnpm/action-setup@v4
         with:
           version: 8
 
@@ -265,7 +265,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install nightly toolchain
         uses: actions-rs/toolchain@v1

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install stable toolchain
         uses: actions-rs/toolchain@v1
@@ -39,7 +39,7 @@ jobs:
         uses: foundry-rs/[email protected]
 
       - name: Checkout sources
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install stable toolchain
         uses: actions-rs/toolchain@v1
@@ -58,14 +58,14 @@ jobs:
         run: |
           git submodule update --init --recursive
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: "npm"
 
-      - uses: pnpm/action-setup@v3
+      - uses: pnpm/action-setup@v4
         with:
           version: 8
 

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Extract Tag Name
         id: extract_tag_name

@@ -71,6 +71,9 @@ Cyfrinup is a CLI tool that simplifies the installation and management of Cyfrin
 curl -L https://raw.githubusercontent.com/Cyfrin/aderyn/dev/cyfrinup/install | bash
 ```
 
+If you get a `failed writing body` error in Windows, it's most likely because you don't have Windows Distribution system.
+
+You can fix this by going to Microsoft Store, download Ubuntu, and have it running.
 #### Step 2: Update Path
 
 The installer will prompt you to run a `source` command. Either run this command, or reload your terminal.
@@ -126,11 +129,11 @@ Usage: `aderyn [OPTIONS] <ROOT>`
 `<ROOT>`: The path to the root of the codebase to be analyzed. Defaults to the current directory.
 
 Options:
-  - `-s`, `--src`: Path to the source contracts. If not provided, or if aderyn can't find famous files to read (like `foundry.toml`, which it automatically searches for) the ROOT directory will be used.
+  - `-s`, `--src`: Path to the source contracts. Used to avoid analyzing libraries, tests or scripts and focus on the contracts. If not provided, or if aderyn can't find famous files to read (like `foundry.toml`, which it automatically searches for) the ROOT directory will be used.
     - In foundry projects, this is usually the `src/` folder unless stated otherwise in `foundry.toml`.
     - In Hardhat projects, this is usually the `contracts/` folder unless stated otherwise in the config.
-  - `-i`, `--path-includes <PATH_INCLUDES>`: List of path strings to include, delimited by comma (no spaces). Any solidity file path not containing these strings will be ignored
-  - `-x`, `--path-excludes <PATH_EXCLUDES>`: List of path strings to exclude, delimited by comma (no spaces). Any solidity file path containing these strings will be ignored
+  - `-i`, `--path-includes <PATH_INCLUDES>`: List of path strings to include, delimited by comma (no spaces). It allows to include only one or more specific contracts in the analysis. Any solidity file path not containing these strings will be ignored.
+  - `-x`, `--path-excludes <PATH_EXCLUDES>`: List of path strings to exclude, delimited by comma (no spaces). It allows to exclude one or more specific contracts from the analysis. Any solidity file path containing these strings will be ignored
   - `-o`, `--output <OUTPUT>`: Desired file path for the final report (will overwrite the existing one) [default: report.md]
   - `-n`, `--no-snippets`: Do not include code snippets in the report (reduces report size in large repos)
   - `-h`, `--help`: Print help

@@ -132,11 +132,11 @@ Usage: `aderyn [OPTIONS] <ROOT>`
 `<ROOT>`: The path to the root of the codebase to be analyzed. Defaults to the current directory.
 
 Options:
-  - `-s`, `--src`: Path to the source contracts. If not provided, or if aderyn can't find famous files to read (like `foundry.toml`, which it automatically searches for) the ROOT directory will be used.
+  - `-s`, `--src`: Path to the source contracts. Used to avoid analyzing libraries, tests or scripts and focus on the contracts. If not provided, or if aderyn can't find famous files to read (like `foundry.toml`, which it automatically searches for) the ROOT directory will be used.
     - In foundry projects, this is usually the `src/` folder unless stated otherwise in `foundry.toml`.
     - In Hardhat projects, this is usually the `contracts/` folder unless stated otherwise in the config.
-  - `-i`, `--path-includes <PATH_INCLUDES>`: List of path strings to include, delimited by comma (no spaces). Any solidity file path not containing these strings will be ignored
-  - `-x`, `--path-excludes <PATH_EXCLUDES>`: List of path strings to exclude, delimited by comma (no spaces). Any solidity file path containing these strings will be ignored
+  - `-i`, `--path-includes <PATH_INCLUDES>`: List of path strings to include, delimited by comma (no spaces). It allows to include only one or more specific contracts in the analysis. Any solidity file path not containing these strings will be ignored.
+  - `-x`, `--path-excludes <PATH_EXCLUDES>`: List of path strings to exclude, delimited by comma (no spaces). It allows to exclude one or more specific contracts from the analysis. Any solidity file path containing these strings will be ignored
   - `-o`, `--output <OUTPUT>`: Desired file path for the final report (will overwrite the existing one) [default: report.md]
   - `-n`, `--no-snippets`: Do not include code snippets in the report (reduces report size in large repos)
   - `-h`, `--help`: Print help

@@ -19,25 +19,31 @@ pub struct CommandLineArgs {
     #[arg(default_value = ".")]
     root: String,
 
-    /// Path to the source contracts. If not provided, the ROOT directory will be used.
+    /// Path to the source contracts.
+    /// Used to avoid analyzing libraries, tests or scripts and focus on the contracts.
     ///
-    /// For example, in a foundry repo:
+    /// In Foundry projects, it's auto-captured by foundry.toml and it's usually
+    /// not necessary to provide it.
     ///
-    ///     --src=src/
-    ///
-    /// In a hardhat repo:
+    /// In a Hardhat project:
     ///
     ///    --src=contracts/
     #[clap(short, long, use_value_delimiter = true)]
     src: Option<Vec<String>>,
 
     /// List of path strings to include, delimited by comma (no spaces).
-    /// Any solidity file path not containing these strings will be ignored
+    ///
+    /// It allows to include only one or more specific contracts in the analysis:
+    ///     aderyn -i src/MyContract.sol
+    ///     aderyn -i src/MyContract.sol,src/MyOtherContract.sol
     #[clap(short = 'i', long, use_value_delimiter = true)]
     path_includes: Option<Vec<String>>,
 
     /// List of path strings to exclude, delimited by comma (no spaces).
-    /// Any solidity file path containing these strings will be ignored
+    ///
+    /// It allows to exclude one or more specific contracts from the analysis:
+    ///     aderyn -x src/MyContract.sol
+    ///     aderyn -x src/MyContract.sol,src/MyOtherContract.sol
     #[clap(short = 'x', long, use_value_delimiter = true)]
     path_excludes: Option<Vec<String>>,
 

@@ -147,7 +147,7 @@ impl<'a> ExtractReferencedDeclarationsConditionally<'a> {
     }
 }
 
-impl<'a> ASTConstVisitor for ExtractReferencedDeclarationsConditionally<'a> {
+impl ASTConstVisitor for ExtractReferencedDeclarationsConditionally<'_> {
     fn visit_member_access(&mut self, node: &MemberAccess) -> Result<bool> {
         if !self.condition.as_ref()(node.id, self.context) {
             return Ok(true);

@@ -61,7 +61,7 @@ impl<'a> Add<ApproximateStorageChangeFinder<'_>> for ApproximateStorageChangeFin
     }
 }
 
-impl<'a> Debug for ApproximateStorageChangeFinder<'a> {
+impl Debug for ApproximateStorageChangeFinder<'_> {
     // Do not print context. Hence, debug is custom derived for this struct
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         writeln!(f, "Manipulated directly: {:?}", self.directly_manipulated_state_variables)?;
@@ -213,7 +213,7 @@ impl<'a> ApproximateStorageChangeFinder<'a> {
     }
 }
 
-impl<'a> ASTConstVisitor for ApproximateStorageChangeFinder<'a> {
+impl ASTConstVisitor for ApproximateStorageChangeFinder<'_> {
     fn visit_unary_operation(&mut self, node: &UnaryOperation) -> Result<bool> {
         // WRITE HEURISTICS
         // Catch unary operations that manipulate variables

@@ -157,7 +157,7 @@ mod callgraph_test_functions {
         outward_side_effects_modifier_definitions_names: Vec<String>,
     }
 
-    impl<'a> Tracker<'a> {
+    impl Tracker<'_> {
         fn new(context: &WorkspaceContext) -> Tracker {
             Tracker {
                 context,

@@ -74,7 +74,7 @@ struct StateVariableChangeTracker<'a> {
     context: &'a WorkspaceContext,
 }
 
-impl<'a> CallGraphVisitor for StateVariableChangeTracker<'a> {
+impl CallGraphVisitor for StateVariableChangeTracker<'_> {
     fn visit_any(&mut self, node: &crate::ast::ASTNode) -> eyre::Result<()> {
         if self.state_var_has_changed {
             return Ok(());

@@ -71,7 +71,7 @@ struct DelegateCallNoAddressChecksTracker<'a> {
     context: &'a WorkspaceContext,
 }
 
-impl<'a> CallGraphVisitor for DelegateCallNoAddressChecksTracker<'a> {
+impl CallGraphVisitor for DelegateCallNoAddressChecksTracker<'_> {
     fn visit_any(&mut self, node: &crate::context::workspace_context::ASTNode) -> eyre::Result<()> {
         if !self.has_address_checks && helpers::has_binary_checks_on_some_address(node) {
             self.has_address_checks = true;

@@ -113,7 +113,7 @@ mod erc_matching_function_signature_helper {
     }
 
     // Helps with checking if a function definition satisifed a signature matcher
-    impl<'a> SignatureMatcher<'a> {
+    impl SignatureMatcher<'_> {
         fn satisfies(&self, func: &FunctionDefinition) -> Option<bool> {
             if func.name != self.name {
                 return Some(false);

@@ -127,7 +127,7 @@ mod erc721_matching_function_signature_helper {
     }
 
     // Helps with checking if a function definition satisifed a signature matcher
-    impl<'a> SignatureMatcher<'a> {
+    impl SignatureMatcher<'_> {
         fn satisfies(&self, func: &FunctionDefinition) -> bool {
             if func.name != self.name {
                 return false;

@@ -29,7 +29,7 @@ fn version_req_allows_below_0_5_0(version_req: &VersionReq) -> bool {
     }
 
     let comparator = &version_req.comparators[0];
-    comparator.major == 0 && comparator.minor.map_or(false, |m| m < 5)
+    comparator.major == 0 && comparator.minor.is_some_and(|m| m < 5)
 }
 
 impl IssueDetector for NestedStructInMappingDetector {

@@ -107,7 +107,7 @@ fn allows_below_0_6_0(version_req: &VersionReq) -> bool {
     }
 
     let comparator = &version_req.comparators[0];
-    comparator.major == 0 && comparator.minor.map_or(false, |m| m < 6)
+    comparator.major == 0 && comparator.minor.is_some_and(|m| m < 6)
 }
 
 impl IssueDetector for StateVariableShadowingDetector {

@@ -69,7 +69,7 @@ mod assert_state_change_tracker {
         context: &'a WorkspaceContext,
     }
 
-    impl<'a> CallGraphVisitor for StateVariableChangeTracker<'a> {
+    impl CallGraphVisitor for StateVariableChangeTracker<'_> {
         fn visit_any(&mut self, node: &crate::ast::ASTNode) -> eyre::Result<()> {
             if self.has_some_state_variable_changed {
                 return Ok(());

@@ -160,7 +160,7 @@ mod loop_investigation_helper {
         changes: Option<ApproximateStorageChangeFinder<'a>>,
     }
 
-    impl<'a> CallGraphVisitor for StateVariableChangeTracker<'a> {
+    impl CallGraphVisitor for StateVariableChangeTracker<'_> {
         fn visit_any(&mut self, node: &ASTNode) -> eyre::Result<()> {
             let changes = ApproximateStorageChangeFinder::from(self.context, node);
             if self.changes.is_none() {

@@ -80,7 +80,7 @@ struct StateVariableChangeTracker<'a> {
     context: &'a WorkspaceContext,
 }
 
-impl<'a> CallGraphVisitor for StateVariableChangeTracker<'a> {
+impl CallGraphVisitor for StateVariableChangeTracker<'_> {
     fn visit_any(&mut self, node: &crate::ast::ASTNode) -> eyre::Result<()> {
         if self.state_var_has_changed {
             return Ok(());

@@ -31,7 +31,7 @@ impl IssueDetector for DeprecatedOZFunctionsDetector {
                     directive
                         .absolute_path
                         .as_ref()
-                        .map_or(false, |path| path.contains("openzeppelin"))
+                        .is_some_and(|path| path.contains("openzeppelin"))
                 }) && identifier.name == "_setupRole"
                 {
                     capture!(self, context, identifier);
@@ -51,7 +51,7 @@ impl IssueDetector for DeprecatedOZFunctionsDetector {
                     directive
                         .absolute_path
                         .as_ref()
-                        .map_or(false, |path| path.contains("openzeppelin"))
+                        .is_some_and(|path| path.contains("openzeppelin"))
                 }) && member_access.member_name == "safeApprove"
                 {
                     capture!(self, context, member_access);

@@ -93,7 +93,7 @@ impl<'a> NonConstantStateVariableReferenceDeclarationTracker<'a> {
     }
 }
 
-impl<'a> CallGraphVisitor for NonConstantStateVariableReferenceDeclarationTracker<'a> {
+impl CallGraphVisitor for NonConstantStateVariableReferenceDeclarationTracker<'_> {
     fn visit_any(&mut self, node: &ASTNode) -> eyre::Result<()> {
         // We already know the condition is satisifed
         if self.makes_a_reference {

@@ -74,7 +74,7 @@ impl IssueDetector for MissingInheritanceDetector {
                 continue;
             }
             if let Some(ASTNode::ContractDefinition(c)) = context.nodes.get(contract_id) {
-                if c.kind != ContractKind::Contract || c.is_abstract.map_or(false, identity) {
+                if c.kind != ContractKind::Contract || c.is_abstract.is_some_and(identity) {
                     continue;
                 }
             }
@@ -100,7 +100,7 @@ impl IssueDetector for MissingInheritanceDetector {
                 if let Some(ASTNode::ContractDefinition(c)) =
                     context.nodes.get(potentially_missing_inheritance)
                 {
-                    if c.kind == ContractKind::Interface || c.is_abstract.map_or(false, identity) {
+                    if c.kind == ContractKind::Interface || c.is_abstract.is_some_and(identity) {
                         // Check that the contract is compatible with the missing inheritance
                         if missing_function_selectors.iter().all(|s| contract_selectors.contains(s))
                         {

@@ -130,7 +130,7 @@ struct CallNoAddressChecksTracker<'a> {
     context: &'a WorkspaceContext,
 }
 
-impl<'a> CallGraphVisitor for CallNoAddressChecksTracker<'a> {
+impl CallGraphVisitor for CallNoAddressChecksTracker<'_> {
     fn visit_any(&mut self, node: &crate::context::workspace_context::ASTNode) -> eyre::Result<()> {
         if !self.has_address_checks && helpers::has_binary_checks_on_some_address(node) {
             self.has_address_checks = true;

@@ -142,7 +142,7 @@ mod function_state_changes_finder_helper {
         changes: Option<ApproximateStorageChangeFinder<'a>>,
     }
 
-    impl<'a> CallGraphVisitor for StateVariableChangeTracker<'a> {
+    impl CallGraphVisitor for StateVariableChangeTracker<'_> {
         fn visit_any(&mut self, node: &ASTNode) -> eyre::Result<()> {
             let changes = ApproximateStorageChangeFinder::from(self.context, node);
             if self.changes.is_none() {

@@ -31,7 +31,7 @@ impl IssueDetector for UnsafeERC721MintDetector {
                     directive
                         .absolute_path
                         .as_ref()
-                        .map_or(false, |path| path.contains("openzeppelin"))
+                        .is_some_and(|path| path.contains("openzeppelin"))
                 }) && identifier.name == "_mint"
                 {
                     let this_contract_definition = identifier

@@ -50,10 +50,6 @@ impl FromStr for CodeIterator {
     type Err = usize;
 
     fn from_str(code: &str) -> Result<Self, <Self as FromStr>::Err> {
-        return Ok(CodeIterator {
-            content: code.chars().collect::<Vec<_>>(),
-            curr_pos: 0,
-            line_no: 1,
-        });
+        Ok(CodeIterator { content: code.chars().collect::<Vec<_>>(), curr_pos: 0, line_no: 1 })
     }
 }
@@ -24,17 +24,6 @@ pub struct JsonContent {
 
 pub struct JsonPrinter;
 
-/**
- * JSON should mimick MD
-    {
-        "files_summary": {...},
-        "files_details": {...},
-        "issue_summary": {...},
-        "high_issues": {...},
-    ...
-    }
-*/
-
 impl ReportPrinter<()> for JsonPrinter {
     fn print_report<W: Write>(
         &self,