Variant Analysis
This skill helps you multiply the value of a single finding by locating similar vulnerabilities elsewhere.
1. The Pivot
Once you find a bug (e.g., "Missing usage of checked_add in function A"):
- Abstract the Pattern: "Arithmetic operation on user input without checks".
- Search: `grep` for other occurrences of the same pattern.
2. Common MultiversX Variants
- Missing Payable Check:
  - Found: One endpoint accepts payment but doesn't check `call_value()`.
  - Variant Search: Check ALL `#[payable("*")]` endpoints.
- Unbounded Iteration:
  - Found: Iterating a `VecMapper` in `compute_reward`.
  - Variant Search: `grep -r "iter()"` on all mappers.
- Async Callback Revert:
  - Found: Callback `X` doesn't revert state on failure.
  - Variant Search: Check ALL `#[callback]` functions.
3. Automation
- Use `mvx_static_analysis` (Semgrep) to create a temporary rule for the variant.
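
The Missing Payable Check variant search from section 2, as an added example that is not part of the original skill or of `mvx_static_analysis`: a heuristic Python scan that lists every `#[payable("*")]` function whose body never references `call_value()`. The sample contract and all function names in it are constructed for illustration.

```python
import re

# Constructed sample contract source (not from a real project).
SAMPLE = '''
#[multiversx_sc::contract]
pub trait Vault {
    #[payable("*")]
    #[endpoint]
    fn deposit(&self) {
        let payment = self.call_value().single_esdt();
        self.balance().update(|b| *b += &payment.amount);
    }

    #[payable("*")]
    #[endpoint(topUp)]
    fn top_up(&self, amount: BigUint) {
        self.balance().update(|b| *b += &amount);
    }

    #[endpoint]
    #[payable("*")]
    fn fund(&self) { self.funded().set(true); }
}
'''

PAYABLE = re.compile(r'#\[payable\("\*"\)\]')
FN_NAME = re.compile(r'\bfn\s+(\w+)')

def body_after(src, start):
    """Return the brace-balanced block that opens at or after `start`."""
    open_idx = src.index("{", start)
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx:i + 1]
    return src[open_idx:]  # unbalanced input: return what is left

def unchecked_payable_endpoints(src):
    """Names of #[payable("*")] functions whose body never mentions call_value()."""
    hits = []
    for attr in PAYABLE.finditer(src):
        fn = FN_NAME.search(src, attr.end())  # first fn after the attribute
        if fn and "call_value()" not in body_after(src, fn.end()):
            hits.append(fn.group(1))
    return hits

if __name__ == "__main__":
    print(unchecked_payable_endpoints(SAMPLE))
```

This is a text-level triage pass: braces inside strings or comments can confuse the body extraction, and an endpoint that checks the payment through a helper function will still be listed, so each hit needs manual review.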