CoinFabrik / scout-soroban

Scout is an extensible open-source tool intended to help Stellar Soroban smart contract developers and auditors detect common security issues and deviations from best practices.
MIT License

Turn detections on/off feature #294

Closed matiascabello closed 2 weeks ago

matiascabello commented 1 month ago

Users should be able to turn detections on/off. This gives them the possibility to mark a detection as a false positive, thus keeping it from being included in the report.

Cases

// Case 1 - Triggers detection:
fn add_candidate(new_candidate: str) {
    storage().get("candidates").push_back(new_candidate);
}

// Case 2 - Detection does not trigger:
#pragma: disable: set-contract-storage
fn add_candidate(new_candidate: str) {
    storage().get("candidates").push_back(new_candidate);
}

// Case 3 - Scout should warn the user that an instruction to turn a detection off is implemented on code where the detection is not triggered.
#pragma: disable: set-contract-storage
fn add_candidate(new_candidate: str) {
    sender.require_auth();
    storage().get("candidates").push_back(new_candidate);
}

Severity: minor

Scope of detection on/off:
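The three cases above describe the contract a suppression feature has to honour: a finding that fires is reported, a finding that fires under a matching directive is dropped from the report, and a directive that suppresses nothing is itself a warning, so a stale disable cannot silently mask a detection that is introduced later. The block below is an added example written for this page; it is not Scout's code and does not use dylint or the Soroban SDK. It takes the issue's proposed `#pragma: disable:` line literally as a text directive, replaces the real `set-contract-storage` detector with a hypothetical textual rule (a body that touches `storage()` without calling `require_auth()`), and runs the on/off logic over a constructed copy of the three cases.

```rust
use std::collections::BTreeSet;

/// Constructed sample: the issue's three cases as text. The directive syntax
/// is the one proposed in the issue; this is not valid Soroban code and is
/// only ever scanned line by line here.
pub const SAMPLE: &str = "\
// Case 1 - triggers the detection
fn add_candidate_1(new_candidate: str) {
    storage().get(\"candidates\").push_back(new_candidate);
}

// Case 2 - detection suppressed by the directive
#pragma: disable: set-contract-storage
fn add_candidate_2(new_candidate: str) {
    storage().get(\"candidates\").push_back(new_candidate);
}

// Case 3 - directive present, but the detection would not fire
#pragma: disable: set-contract-storage
fn add_candidate_3(new_candidate: str) {
    sender.require_auth();
    storage().get(\"candidates\").push_back(new_candidate);
}
";

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Outcome {
    /// Finding fired and no directive covers it: goes into the report.
    Reported { func: String, detection: String },
    /// Finding fired but the user disabled it on this function.
    Suppressed { func: String, detection: String },
    /// Directive names a detection that did not fire here (case 3).
    UnusedDisable { func: String, detection: String },
}

struct Func {
    name: String,
    disabled: Vec<String>,
    body: Vec<String>,
}

/// Minimal line-based parser (hypothetical): a directive applies to the next
/// `fn` item, whose body runs until the first line that is exactly `}`.
fn parse(src: &str) -> Vec<Func> {
    let mut funcs = Vec::new();
    let mut pending: Vec<String> = Vec::new();
    let mut current: Option<Func> = None;
    for raw in src.lines() {
        let line = raw.trim();
        if current.is_some() {
            if line == "}" {
                funcs.push(current.take().unwrap());
            } else {
                current.as_mut().unwrap().body.push(line.to_string());
            }
        } else if let Some(rest) = line.strip_prefix("#pragma: disable:") {
            pending.push(rest.trim().to_string());
        } else if let Some(rest) = line.strip_prefix("fn ") {
            let name = rest.split('(').next().unwrap_or("").trim().to_string();
            current = Some(Func { name, disabled: std::mem::take(&mut pending), body: Vec::new() });
        }
    }
    funcs
}

/// Stand-in for the real `set-contract-storage` detector: flags a function
/// that touches storage without calling `require_auth()`. Purely textual.
fn detect(f: &Func) -> BTreeSet<String> {
    let mut found = BTreeSet::new();
    let writes = f.body.iter().any(|l| l.contains("storage()"));
    let authed = f.body.iter().any(|l| l.contains("require_auth()"));
    if writes && !authed {
        found.insert("set-contract-storage".to_string());
    }
    found
}

/// Applies the on/off directives to the detector output for every function.
pub fn analyze(src: &str) -> Vec<Outcome> {
    let mut out = Vec::new();
    for f in parse(src) {
        let found = detect(&f);
        for d in &found {
            if f.disabled.iter().any(|x| x == d) {
                out.push(Outcome::Suppressed { func: f.name.clone(), detection: d.clone() });
            } else {
                out.push(Outcome::Reported { func: f.name.clone(), detection: d.clone() });
            }
        }
        for d in &f.disabled {
            if !found.contains(d) {
                out.push(Outcome::UnusedDisable { func: f.name.clone(), detection: d.clone() });
            }
        }
    }
    out
}

/// What the user would actually see: findings plus unused-directive warnings.
pub fn report(src: &str) -> Vec<String> {
    analyze(src)
        .into_iter()
        .filter_map(|o| match o {
            Outcome::Reported { func, detection } => Some(format!("{func}: {detection}")),
            Outcome::UnusedDisable { func, detection } => {
                Some(format!("{func}: warning: unused disable for {detection}"))
            }
            Outcome::Suppressed { .. } => None,
        })
        .collect()
}

fn main() {
    for line in report(SAMPLE) {
        println!("{line}");
    }
}
```

The unused-directive warning is the part worth keeping from case 3: it is cheap to compute (a set difference between what the directive names and what fired) and it is what stops a `disable` copied from an old revision from hiding a real finding after the function changes.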