Scout is an extensible open-source tool intended to assist Stellar Soroban smart contract developers and auditors detect common security issues and deviations from best practices.
The hint/help message should be conditional: If the function returns Result, suggest using ok_or, if it does not return a Result, keep it as it is.
unsafe-expect
The detection should only trigger in cases where the function returns a Result.
// OLD
This is valid for all detectors in the panic category. (unsafe-expect, unsafe-unwrap, unsafe-map-get, assert-violation).
The detection should only trigger in cases where the function returns a Result.
The criteria is as follows: in a function where Result is returned, it will be required to return an error instead of crashing. On the other side, if the function only returns a Value there is no change to return the error received and eventually returned to caller.
fn test() -> Result<str> {
panic("done"); // NOT EVER
return Ok("ok ok ");
}
fn test_no_error_handling() -> str {
panic("done"); // ok
return "ok ok ";
}
unsafe-unwrap
The hint/help message should be conditional: If the function returns
Result
, suggest usingok_or
, if it does not return aResult
, keep it as it is.unsafe-expect
The detection should only trigger in cases where the function returns a
Result
.// OLD
This is valid for all detectors in the panic category. (unsafe-expect, unsafe-unwrap, unsafe-map-get, assert-violation).
The detection should only trigger in cases where the function returns a
Result
.The criteria is as follows: in a function where Result is returned, it will be required to return an error instead of crashing. On the other side, if the function only returns a
Value
there is no change to return the error received and eventually returned to caller.