scout-soroban
Scout is an extensible open-source tool intended to assist Stellar Soroban smart contract developers and auditors detect common security issues and deviations from best practices.
## Comment Juli Time to Live needs to be extended in soroban smart contracts. Make sure to include a function specific for extending ttl in your contract. Add a detector...
## Comment Juli As an alternative to returning a result enum, use `panic_with_error!`, from soroban sdk, as a more elegant remediation to just panic.
The documentation of the vulnerability [iterators-over-indexing](https://coinfabrik.github.io/scout-soroban/docs/vulnerabilities/iterators-over-indexing) claims that this issue could produce an overflow. Review if this is the case, and if not, remove the comment about overflow in the...
## Description Following these [notes by an auditor](https://docs.google.com/document/d/1O3JXswixBjzj0EKuuRsak7lyZy9a3EZvjx7p3FbKooY/edit#heading=h.of7ygbq7z7l0) and [this conversation thread](https://coinfabrik.slack.com/archives/C6CSVBDJ9/p1720460533228049), we need to remove the recommendation to use `prng()` as a source of randomness for Soroban smart contracts....
No `help` in CLI output message for:
- [ ] set-contract-storage
- [ ] unprotected-update-contract-wasm
The check is only done in debug mode but not in release mode, so it is not sufficient to catch overflows in release mode. https://doc.rust-lang.org/stable/book/ch03-02-data-types.html#integer-overflow
User story: As a Scout user I want to see a summary of the tool's execution to see that it ran properly. **Output components** Command line output should include: -...
# Problem Description Be careful about the usage of `Map`, it is not the same as a `Mapping` in Soroban, and has similar storage limitations to `Vec`. To implement a...
## Description Explore the feasibility of adding a `front-running` detector