Feat/timestamp #426

Open
nafiuishaaq wants to merge 3 commits into MDTechLabs:main from nafiuishaaq:feat/timestamp

@nafiuishaaq
Contributor

Updates implemented

  • Added a new Solidity rule sol-013:

    • name: Unsafe Timestamp Dependency
    • category: security
    • severity: high
    • Detects block.timestamp and now usage in critical control flow
    • Skips timestamp use in simple event emission lines
  • Implemented the detection logic in:

    • solidity-analyzer.ts
  • Added regression tests in:

    • solidity-rules.spec.ts

Notes

  • The rule now flags insecure timestamp-based logic such as require(block.timestamp <= deadline, ...) and uint256 startTime = now;
  • It avoids false positives for lines that only emit a timestamp event

If you want, I can also add a dedicated fixture for sol-013 and/or update rule documentation.

Made changes.

Closes #308

Done

Added a new tx.origin authentication rule for Solidity.

What changed

  • solidity-analyzer.ts

    • Added rule sol-014:
      • name: Insecure tx.origin Authentication
      • severity: high
      • category: security
      • description: flags tx.origin usage and suggests msg.sender
    • Implemented detection method detectTxOriginUsage(code)
      • flags raw tx.origin usage
      • ignores commented lines
    • Wired the rule into analyze(...) so findings are reported
  • solidity-rules.spec.ts

    • Added regression tests for:
      • detecting tx.origin authentication use
      • not flagging msg.sender authentication

Notes

Closes #309

  • This meets the acceptance criteria: tx.origin usage is now flagged.
  • I attempted to run the focused rule tests, but the terminal execution tool was skipped in this session.

Made changes.

Closes #306
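
The two checks described in the PR description above (sol-013 timestamp dependency with the event-emission skip, sol-014 tx.origin with commented lines ignored), as an added TypeScript example that is not the PR's code from solidity-analyzer.ts. It goes slightly beyond the description by also blanking block comments and string literals; the names `Finding`, `stripNoise` and `scanSolidity`, the definition of "critical", and the sample contract are assumptions made here.

```typescript
// Added illustration. Finding, stripNoise and scanSolidity are hypothetical names,
// not the API of the project's solidity-analyzer.ts.
interface Finding { rule: "sol-013" | "sol-014"; line: number; text: string }

// One left-to-right pass: blank out comments (keeping newlines so line numbers
// stay correct) and empty string literals so their contents cannot match.
const NOISE = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'/g;
function stripNoise(src: string): string {
  return src.replace(NOISE, (m) => (m[0] === "/" ? m.replace(/[^\n]/g, " ") : '""'));
}

const TIMESTAMP = /\bblock\.timestamp\b|\bnow\b/;
const TX_ORIGIN = /\btx\.origin\b/;
// Assumption: "critical" means a guard keyword, a comparison, or an assignment.
const CRITICAL = /\b(?:require|assert|if|while|return)\b|[<>=]/;
// A line that only emits an event is informational and is skipped for sol-013.
const EMIT_ONLY = /^\s*emit\s+\w+\s*\(/;

function scanSolidity(src: string): Finding[] {
  const raw = src.split("\n"); // original lines, used only for reporting
  const findings: Finding[] = [];
  stripNoise(src).split("\n").forEach((code, i) => {
    const line = i + 1;
    const text = (raw[i] ?? "").trim();
    if (TX_ORIGIN.test(code)) findings.push({ rule: "sol-014", line, text });
    if (TIMESTAMP.test(code) && !EMIT_ONLY.test(code) && CRITICAL.test(code)) {
      findings.push({ rule: "sol-013", line, text });
    }
  });
  return findings;
}

// Constructed sample contract (not one of the PR's test fixtures).
const SAMPLE = [
  'contract Sale {',
  '  address owner;',
  '  uint256 deadline;',
  '  event Bought(address who, uint256 at);',
  '  function buy() external payable {',
  '    require(block.timestamp <= deadline, "sale closed now");',
  '    uint256 startTime = now;',
  '    emit Bought(msg.sender, block.timestamp);',
  '    // require(tx.origin == owner);',
  '    require(tx.origin == owner, "not owner");',
  '    require(msg.sender == owner, "not owner");',
  '  }',
  '}',
].join("\n");

for (const f of scanSolidity(SAMPLE)) console.log(`${f.rule} line ${f.line}: ${f.text}`);
```

A line-based scan like this misses conditions split across several lines; an AST-based check would be needed to cover those.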

@drips-wave

drips-wave Bot commented Jun 1, 2026

@nafiuishaaq Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Development

Successfully merging this pull request may close these issues.

  • Detect tx.origin Authentication Usage
  • Detect Timestamp Dependency
  • Detect Inline Assembly Risks