Releases: Cyfrin/aderyn

Release v0.3.4

17 Jan 12:12
af02918
  • More robust shell installer (cyfrinup)
  • Improved docs for CLI options
  • GitHub Actions updates
  • README updates

Full Changelog: v0.3.3...v0.3.4

Release v0.3.3

12 Dec 17:57
2cda3d3

Features

  • Implement init with an optional path to create aderyn.toml
    shoutout to @mgiagante #762

Fixes

  • Account for revert statements, not just revert functions, in the require/revert in loop detector
  • Catch only ERC20 functions when reporting unsafe transfer

Modifications

  • Lower the severity of UncheckedReturn detector
  • Lower the severity of block.timestamp in deadline detector
  • Lower the severity of delegate call in loop detector
  • Arbitrary transfer from has a new strategy

Removed

  • Uninitialized state variable detector

Funding

  • Create funding.json for gitcoin

Release v0.3.2

10 Oct 12:33
6939aa5

Full Changelog: v0.3.1...v0.3.2

Release v0.3.1

10 Oct 11:23
0279da5

NOTE: This binary will still display 0.3.0 instead of 0.3.1 when aderyn --version is run; that was a deployment mistake from me (@TilakMaddy). Apologies for the inconvenience.

What's Changed

  • Allow for sendValue on address to be recognized as a withdraw function by @TilakMaddy in #748
  • Relax fixed pragma constraints on library contract files by @TilakMaddy in #740
  • Fix: Allow aderyn to exit without crashing if update-check fails by @TilakMaddy in #753
  • Rename ConstantsInsteadOfLiterals detector to better suit //aderyn-ignore-(..) by @TilakMaddy in #737
  • Fixed minor typo by @Ritik-Agarwal50 in #741
  • Refactor More Detector Names to suit //aderyn-ignore.. pattern by @TilakMaddy in #739
  • Low Detector: State variable could be marked immutable + Inter Context Merge Strategy by @TilakMaddy in #734
  • standardize rust formatting with rustfmt.toml by @TilakMaddy in #755
  • feat: Add refactor commit to blame-ignore-revs by @TilakMaddy in #756

Full Changelog: v0.3.0...v0.3.1

Release v0.3.0

22 Sep 16:49

Changelog

  • Introduction of LSP Server (Beta) --lsp
    • This replaces --watch mode.
  • New detectors:
    • LOW: State changed but no event emitted
    • LOW: Multiple placeholders in modifier
  • Unchecked block support
  • Expression Statements as first class nodes
  • make help and make pr to aid contributor devex flow
  • ASCII art on cyfrinup installation
  • Panic handler
  • aderyn init for creating aderyn.toml files

Full Changelog: v0.2.0...v0.3.0

Release v0.2.0

02 Sep 14:37
5c483fd

Full Changelog: v0.1.11...v0.2.0

Release v0.1.11

19 Aug 12:20
7b30416

Changelog

  • New Detectors:
    • HIGH: Incorrect ERC20 interface
    • HIGH: Out of order L1->L2 retryable transactions
    • HIGH: Incorrect ERC721 interface
    • HIGH: Constant function changing state
    • HIGH: Function signature collision
    • LOW: State variable initialized in a function
    • LOW: Builtin symbol shadowing
    • LOW: Costly operations within loops
    • LOW: State change inside assert
    • LOW: Cache array length
  • Python bindings
  • DevEx: Refactor callgraph naming and file structure

Full Changelog: v0.1.10...v0.1.11

Release v0.1.10

07 Aug 17:35
61295db

Changelog

  • Fix AST Nodes to account for None return parameters when returning from a modifier.
  • Detectors:
    • LOW: Unused private/internal state variables
    • LOW: Return bomb

Full Changelog: v0.1.9...v0.1.10

Release v0.1.9

05 Aug 09:39
37522ef

Release Notes

New Detectors:

  • HIGH: Unchecked send return value
  • HIGH: Storage Signed Integer Array
  • HIGH: Strict ETH balance equality
  • HIGH: Tautology or Contradiction
  • HIGH: Contract that locks ETH
  • HIGH: msg.value used inside a loop
  • HIGH: Bad use of tx.origin
  • LOW: Boolean equality
  • LOW: State variable read in an external context
  • LOW: Redundant statements
  • LOW: Constant functions contain assembly

Fixes:

  • State variable shadowing - title and description fix
  • Upgrade check checks GitHub releases instead of cargo releases

Full Changelog: v0.1.8...v0.1.9

Release v0.1.8

28 Jul 21:39
c9c251d

Changelog

Aderyn passed 50 detectors! 🥳 5️⃣ 0️⃣ ➕

  • New detectors:
    • HIGH: Uninitialized state variables consumed
    • HIGH: Dangerous Unary Operator
    • HIGH: Unchecked return value
    • HIGH: Right to left special character used
    • HIGH: Tautological conditional
    • HIGH: Misused Boolean
    • HIGH: Functions sending ETH without msg.sender checks
    • HIGH: Delegatecall to an unprotected address
    • HIGH: Deletion of nested mapping
    • HIGH: Usage of pre-declared local variables
    • HIGH: Weak Randomness (First contribution from @DavidDrob !! 🥳 👏 )
  • Optimize release binary for speed
  • Callgraph preprocessing allowing for detectors to search upstream and downstream callgraph <3

Full Changelog: v0.1.7...v0.1.8