Solidity Rules
SAST rules for Solidity that identify insecure patterns in application code.
Solidity Rule Catalog
| ID | Title | Severity | Category |
|---|---|---|---|
| CODE-0099 | ERC20 Token Burn Vulnerability | CRITICAL | Crypto |
| CODE-0202 | Unrestricted transferOwnership | CRITICAL | AccessControl |
| CODE-0235 | Arbitrary Address Spoofing via Multicall and ERC2771Context | CRITICAL | Web |
| CODE-0259 | Unrestricted Oracle Price Update | CRITICAL | AccessControl |
| CODE-0435 | transferFrom() can steal allowance of other accounts | CRITICAL | Crypto |
| CODE-0471 | Precision Loss Attack in Compound Forks | CRITICAL | Crypto |
| CODE-0483 | Missing Oracle Access Control | CRITICAL | AccessControl |
| CODE-0658 | Improper Input Validation in Superfluid Context | CRITICAL | Injection |
| CODE-0679 | Unrestricted Contract Destruction | CRITICAL | AccessControl |
| CODE-0802 | Missing Access Control in setMultipleAllowances() Function | CRITICAL | AccessControl |
| CODE-0096 | Proxy Storage Collision | HIGH | InsecureConfig |
| CODE-0105 | Unprotected getRate() call on Balancer pool | HIGH | Injection |
| CODE-0108 | ERC777 tokensReceived() Reentrancy | HIGH | Crypto |
| CODE-0206 | Custom ERC20 implementation exposes _transfer() as public | HIGH | AccessControl |
| CODE-0211 | Incorrect call order of transferFrom() and rebase() in Olympus DAO forks | HIGH | Crypto |
| CODE-0217 | ERC721 onERC721Received() Reentrancy | HIGH | Crypto |
| CODE-0228 | Oracle Uses Manipulable Curve Pool Function | HIGH | Crypto |
| CODE-0231 | ERC677 callAfterTransfer() Reentrancy | HIGH | Crypto |
| CODE-0248 | No slippage check in Uniswap v2/v3 trade | HIGH | Crypto |
| CODE-0250 | Arithmetic Underflow | HIGH | Crypto |
| CODE-0281 | Reentrancy vulnerability in borrowFresh function | HIGH | Crypto |
| CODE-0288 | Public _transferFeesSupportingTaxTokens function without access modifier | HIGH | AccessControl |
| CODE-0433 | UniswapV3 adapter path parameter extraction vulnerability | HIGH | Crypto |
| CODE-0436 | Custom ERC721 implementation lacks access control checks in _transfer() | HIGH | AccessControl |
| CODE-0466 | Unprotected $VAULT.getPoolTokens() call from read-only reentrancy | HIGH | Injection |
| CODE-0479 | Unprotected Curve Pool from Read-Only Reentrancy | HIGH | Crypto |
| CODE-0485 | Uniswap callback is not protected | HIGH | AccessControl |
| CODE-0495 | Insecure Keep3rV2 Oracle Manipulation | HIGH | Crypto |
| CODE-0503 | Incorrect Position of 'from' Parameter Check in '_allowances' Mapping | HIGH | AccessControl |
| CODE-0505 | Unprotected transferFrom() Function | HIGH | AccessControl |
| CODE-0652 | Delegatecall to Arbitrary Address | HIGH | Smart Contract |
| CODE-0656 | Arbitrary Low-Level Call | HIGH | Injection |
| CODE-0678 | Unrestricted sweepToken Function | HIGH | AccessControl |
| CODE-0768 | Price Oracle Manipulation via Flashloan | HIGH | Crypto |
| CODE-0801 | Multicall Reentrancy Vulnerability | HIGH | Smart Contract |
| CODE-0208 | Potential signature malleability in ECDSA recovery | MEDIUM | Crypto |
| CODE-0438 | Meaningless Statement | MEDIUM | Generic |
| CODE-0474 | Incorrect use of blockhash | MEDIUM | Crypto |
| CODE-0484 | abi.encodePacked hash collision with variable length arguments | MEDIUM | Crypto |
| CODE-0657 | Insecure Exact Balance Check | MEDIUM | Crypto |
| CODE-0737 | Unicode Direction Control Characters Detected | LOW | InsecureConfig |
Total Rules: 41
Click on any rule ID to view detailed information, examples, and remediation guidance.
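The catalog names patterns without showing them. As an added illustration of one entry, CODE-0484 (abi.encodePacked hash collision with variable length arguments), the contract below is example code written for this page, not the scanner's rule logic or any project's code. It assumes nothing beyond the Solidity 0.8 ABI helpers: `abi.encodePacked` concatenates dynamic arrays element by element with no length prefix, so two different splits of the same elements yield identical bytes and therefore an identical keccak256 hash, while `abi.encode` includes offsets and lengths and keeps the split distinct. The contract name, function names and the three addresses are constructed for the demo.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example for CODE-0484 (not part of the scanner or any project).
/// Shows why keccak256(abi.encodePacked(dynA, dynB)) is unsafe as a
/// commitment or signature digest, and the abi.encode replacement.
contract PackedCollisionDemo {
    /// VULNERABLE: the element boundary between `a` and `b` is not encoded,
    /// so (a=[x,y], b=[z]) and (a=[x], b=[y,z]) hash identically.
    function vulnerableHash(address[] memory a, address[] memory b)
        public
        pure
        returns (bytes32)
    {
        return keccak256(abi.encodePacked(a, b));
    }

    /// FIXED: abi.encode emits head offsets and array lengths, so moving an
    /// element across the boundary changes the encoded bytes and the hash.
    function safeHash(address[] memory a, address[] memory b)
        public
        pure
        returns (bytes32)
    {
        return keccak256(abi.encode(a, b));
    }

    /// Builds the two constructed inputs and reports whether each scheme
    /// collides on them. Addresses are arbitrary demo values.
    function demo()
        external
        pure
        returns (bool packedCollides, bool encodeCollides)
    {
        address x = address(0x1111);
        address y = address(0x2222);
        address z = address(0x3333);

        // Split 1: a = [x, y], b = [z]
        address[] memory a1 = new address[](2);
        a1[0] = x;
        a1[1] = y;
        address[] memory b1 = new address[](1);
        b1[0] = z;

        // Split 2: a = [x], b = [y, z]  (same elements, different boundary)
        address[] memory a2 = new address[](1);
        a2[0] = x;
        address[] memory b2 = new address[](2);
        b2[0] = y;
        b2[1] = z;

        packedCollides = vulnerableHash(a1, b1) == vulnerableHash(a2, b2);
        encodeCollides = safeHash(a1, b1) == safeHash(a2, b2);
    }
}
```

Deploying the contract in Remix or a Foundry script and calling `demo()` returns `(true, false)`: the packed digest collides, the `abi.encode` digest does not. The practical check for a reviewer is any `keccak256(abi.encodePacked(...))` whose argument list contains two or more dynamic-length values (arrays, `bytes`, `string`); a single dynamic argument, or dynamic arguments separated by fixed-size ones, does not have this ambiguity. Where packed encoding is needed for compatibility (for example a signed message whose layout is fixed off-chain), pass the lengths explicitly or switch to `abi.encode`.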