Rule Id | Error | Recommended |
---|---|---|
code-complexity | Function has cyclomatic complexity “current” but allowed no more than maxcompl. | |
custom-errors | Enforces the use of Custom Errors over Require and Revert statements | ✔️ |
explicit-types | Enforce explicit types (like uint256) over implicit ones (like uint). | ✔️ |
function-max-lines | Function body contains “count” lines but allowed no more than maxlines. | |
max-line-length | Line length must be no more than maxlen. | |
max-states-count | Contract has “some count” states declarations but allowed no more than maxstates. | ✔️ |
no-console | No console.log/logInt/logBytesX/logString/etc & No hardhat and forge-std console.sol import statements | ✔️ |
no-empty-blocks | Code block has zero statements inside. Some common exceptions apply. | ✔️ |
no-global-import | Import statement includes an entire file instead of selected symbols | ✔️ |
no-unused-vars | Ensure defined names are used | ✔️ |
one-contract-per-file | Enforces the use of ONE Contract per file | ✔️ |
payable-fallback | When fallback is not payable you will not be able to receive ethers. | ✔️ |
reason-string | Require or revert statement must have a reason string and check that each reason string is at most N characters long. | ✔️ |
constructor-syntax | Constructors should use the new constructor keyword. | |
named-parameters-function | Enforce using named parameters when invoking a function with more than N arguments | |

Rule Id | Error | Recommended |
---|---|---|
interface-starts-with-i | Interface names should start with I | ✔️ |
quotes | Use double quotes for string literals. Values must be ‘single’ or ‘double’. | ✔️ |
foundry-test-functions | Enforce naming convention on functions for Foundry test cases | |
named-parameters-mapping | Solidity v0.8.18 introduced named parameters on the mappings definition | |
named-return-values | Ensure function return parameters are named | ✔️ |
private-vars-leading-underscore | Private and internal names must start with a single underscore. | |
style-guide-casing | Check identifier and type name casing conforms to the style guide | ✔️ |
use-forbidden-name | Avoid to use letters ‘I’, ‘l’, ‘O’ as identifiers. | ✔️ |
imports-on-top | Import statements must be on top. | ✔️ |
ordering | Check order of elements in file and inside each contract, according to the style guide | |
visibility-modifier-order | Visibility modifier must be first in list of modifiers. | ✔️ |

Rule Id | Error | Recommended |
---|---|---|
comprehensive-interface | Check that all public or external functions are overrides. This is useful to make sure that the whole API is extracted in an interface. | |

Rule Id | Error | Recommended |
---|---|---|
non-state-vars-leading-underscore | Variables that are not in contract state should start with underscore. Conversely, variables that can cause an SLOAD/SSTORE should NOT start with an underscore. This makes it evident which operations cause expensive storage access when hunting for gas optimizations. | |

Rule Id | Error | Recommended |
---|---|---|
avoid-call-value | Avoid to use “.call.value()()”. | ✔️ |
avoid-low-level-calls | Avoid to use low level calls. | ✔️ |
avoid-sha3 | Use “keccak256” instead of deprecated “sha3”. | ✔️ |
avoid-suicide | Use “selfdestruct” instead of deprecated “suicide”. | ✔️ |
avoid-throw | “throw” is deprecated, avoid to use it. | ✔️ |
avoid-tx-origin | Avoid to use tx.origin. | ✔️ |
check-send-result | Check result of “send” call. | ✔️ |
compiler-version | Compiler version must satisfy a semver requirement. | ✔️ |
func-visibility | Explicitly mark visibility in function. | ✔️ |
multiple-sends | Avoid multiple calls of “send” method in single transaction. | ✔️ |
no-complex-fallback | Fallback function must be simple. | ✔️ |
no-inline-assembly | Avoid to use inline assembly. It is acceptable only in rare cases. | ✔️ |
not-rely-on-block-hash | Do not rely on “block.blockhash”. Miners can influence its value. | ✔️ |
not-rely-on-time | Avoid making time-based decisions in your business logic. | |
reentrancy | Possible reentrancy vulnerabilities. Avoid state changes after transfer. | ✔️ |
state-visibility | Explicitly mark visibility of state. | ✔️ |