Releases: crytic/amarna
v0.1.5 - Support for Cairo v0.10
Add support for Cairo v0.10.0
What's Changed
- Migrate to cairo v10 by @coolhill in #76
- workflows/pip-audit: update slug to pypa by @woodruffw in #78
- Bump github/super-linter from 4.9.6 to 4.9.7 by @dependabot in #82
- Check namespace decorators for interfaces by @fcasal in #85
- Add rule deprecation. by @fcasal in #87
Full Changelog: v0.1.4...v0.1.5
v0.1.4
v0.1.3
What's Changed
- Fix CodeQL warnings by @fcasal in #51
- Dependabot: Automatically upgrade GitHub Actions by @woodruffw in #56
- Bump actions/checkout from 2 to 3 by @dependabot in #60
- Bump actions/setup-python from 2 to 4 by @dependabot in #58
- Bump github/super-linter from 4.9.0 to 4.9.5 by @dependabot in #59
- Bump trailofbits/gh-action-pip-audit from 0.0.4 to 1.0.0 by @dependabot in #61
- Improve arithmetic rules by @fcasal in #55
- Add amarna-action to the readme. by @fcasal in #63
- Bump github/super-linter from 4.9.5 to 4.9.6 by @dependabot in #64
- Cairo 0.9.1 support by @coolhill in #67
- Test sarif generation by @coolhill in #68
- feat(cli): file is optional by @LucasLvy in #65
- fix: deadstore FP where use happens after first return statement by @coolhill in #72
- Prepare fix release for cairo 0.9.1 support by @coolhill in #73
New Contributors
- @dependabot made their first contribution in #60
- @LucasLvy made their first contribution in #65
Full Changelog: v0.1.2...v0.1.3
v0.1.2
Amarna
Amarna is a static-analyzer and linter for the Cairo programming language.
Features
- Finds code-smells and potential vulnerabilities in Cairo code
- Compiler-identical parsing of Cairo code and StarkNet contracts
- Supports creating local and global rules
- Exports the parsed AST of a Cairo file
- Exports static-analysis results to the SARIF format
Currently supported rules
# | Rule | What it finds | Impact | Precision |
---|---|---|---|---|
1 | Arithmetic operations | All uses of the arithmetic operations +, -, *, and / | Info | High |
2 | Unused arguments | Function arguments that are not used in the function in which they appear | Warning | High |
3 | Unused imports | Imports that are never used | Info | High |
4 | Mistyped decorators | Mistyped code decorators | Info | High |
5 | Unused functions | Functions that are never called | Info | Medium |
6 | Error codes | Function calls whose return values must be checked | Info | High |
7 | Inconsistent assert usage | Asserts that use the same constant in different ways, e.g., assert_le(amount, BOUND) and assert_le(amount, BOUND - 1) | Warning | High |
8 | Dead stores | Variables that are assigned values but not used before a return statement | Info | Medium |
9 | Unchecked overflows | Function calls that ignore the returned overflow flags, e.g., the carry returned by uint256_add | Warning | High |
10 | Caller address return value | Calls to the get_caller_address function | Info | High |
11 | Storage variable collision | Multiple @storage_var declarations with the same name | Warning | High |
12 | Implicit function import | Functions decorated with @external, @view, or @l1_handler that are imported implicitly | Info | High |
13 | Unenforced view function | State modification within a @view function | Info | High |
14 | Uninitialized variable | Local variables that are never initialized | Info | High |
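The rules are easiest to read against code that triggers them. The contract below is an added illustration, not code from amarna or its test suite, written in the Cairo 0.10 syntax that v0.1.5 targets; the storage variables, function names and the BOUND constant are invented for this example. Each comment names the rule from the table above that would report that line, and `deposit_checked` shows the overflow check that keeps rule 9 quiet.

```cairo
// Added illustration, not amarna's own code. Every name here is invented.
%lang starknet

from starkware.cairo.common.cairo_builtins import HashBuiltin
from starkware.cairo.common.math import assert_le
from starkware.cairo.common.uint256 import Uint256, uint256_add
from starkware.cairo.common.alloc import alloc  // rule 3: imported, never used
from starkware.starknet.common.syscalls import get_caller_address

const BOUND = 1000;

@storage_var
func balance(owner: felt) -> (res: felt) {
}

@storage_var
func total() -> (res: Uint256) {
}

// rule 2: `memo` is never used inside the function
@external
func deposit{syscall_ptr: felt*, pedersen_ptr: HashBuiltin*, range_check_ptr}(
    amount: felt, memo: felt
) {
    // rule 10: every call to get_caller_address is listed for manual review
    let (caller) = get_caller_address();

    // rule 7: BOUND is used as an inclusive bound here ...
    assert_le(amount, BOUND);

    let (old) = balance.read(caller);
    // rule 1: felt addition is reported; it wraps modulo the field prime
    balance.write(caller, old + amount);

    // rule 9: the carry returned by uint256_add is discarded
    let (t) = total.read();
    let (new_total, _) = uint256_add(t, Uint256(low=amount, high=0));
    total.write(new_total);
    return ();
}

@external
func withdraw{syscall_ptr: felt*, pedersen_ptr: HashBuiltin*, range_check_ptr}(
    amount: felt
) {
    alloc_locals;
    local scratch;  // rule 14: declared but never initialized

    let (caller) = get_caller_address();
    // ... and as an exclusive bound here, so rule 7 reports the pair
    assert_le(amount, BOUND - 1);

    let (old) = balance.read(caller);
    tempvar fee = amount / 100;  // rule 8: assigned, never read before return
    balance.write(caller, old - amount);
    return ();
}

// rule 13: a @view function that writes storage
@view
func get_balance{syscall_ptr: felt*, pedersen_ptr: HashBuiltin*, range_check_ptr}(
    owner: felt
) -> (res: felt) {
    let (res) = balance.read(owner);
    balance.write(owner, res);  // state modification inside @view
    return (res=res);
}

// rule 5: never called from anywhere in the contract
func double(x: felt) -> (y: felt) {
    return (y=x * 2);
}

// Corrected overflow handling: the carry flag is bound and asserted to be
// zero, so rule 9 has nothing to report on this call.
@external
func deposit_checked{syscall_ptr: felt*, pedersen_ptr: HashBuiltin*, range_check_ptr}(
    amount: felt
) {
    assert_le(amount, BOUND);
    let (t) = total.read();
    let (new_total, carry) = uint256_add(t, Uint256(low=amount, high=0));
    assert carry = 0;
    total.write(new_total);
    return ();
}
```

The two findings a reviewer should treat as more than lint are rules 7 and 9: the inconsistent BOUND check means `deposit` accepts a value that `withdraw` rejects, and dropping the carry from `uint256_add` lets `total` silently wrap. The other rules in this file are Info-level and mostly point at cleanup, although rule 13 is worth a second look whenever a @view function is assumed to be read-only by callers.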