id,severity,category,name,description,vulnerable_code,secure_code,explanation
1,critical,access,missing-sender-check,"No tx-sender validation","(define-public (withdraw (amount uint)) (stx-transfer? amount (as-contract tx-sender) recipient))","(define-public (withdraw (amount uint)) (begin (asserts! (is-eq tx-sender owner) ERR-UNAUTHORIZED) (stx-transfer? amount (as-contract tx-sender) tx-sender)))","Always verify tx-sender for sensitive operations"
2,critical,access,missing-owner-check,"Owner-only function not protected","(define-public (set-fee (new-fee uint)) (ok (var-set fee new-fee)))","(define-public (set-fee (new-fee uint)) (begin (asserts! (is-eq tx-sender (var-get owner)) ERR-UNAUTHORIZED) (ok (var-set fee new-fee))))","Admin functions must check ownership"
3,critical,errors,unchecked-transfer,"Transfer without error handling","(stx-transfer? amount tx-sender recipient)","(try! (stx-transfer? amount tx-sender recipient))","Always check transfer return values with try! or unwrap!"
4,high,reentrancy,state-after-call,"State updated after external call","(begin (contract-call? .other transfer) (var-set balance u0))","(begin (var-set balance u0) (contract-call? .other transfer))","Update state before external calls to prevent reentrancy"
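5,high,arithmetic,unchecked-subtraction,"Subtraction can underflow","(- balance amount)","(if (>= balance amount) (- balance amount) u0)","Check before subtracting uints to prevent underflow. In Clarity a uint underflow aborts the transaction rather than wrapping, and falling back to u0 as shown hides the shortfall from the caller, so prefer an asserts! with a named error where a silent zero would be wrong"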
6,high,arithmetic,division-by-zero,"No zero divisor check","(/ total count)","(if (> count u0) (/ total count) u0)","Always check divisor > 0 before division"
7,high,validation,missing-amount-check,"Zero amount not validated","(define-public (transfer (amount uint)) ...)","(begin (asserts! (> amount u0) ERR-INVALID-AMOUNT) ...)","Reject zero amounts to prevent useless transactions"
8,medium,validation,missing-address-check,"Self-transfer not prevented","(ft-transfer? token amount sender recipient)","(begin (asserts! (not (is-eq sender recipient)) ERR-SELF-TRANSFER) (ft-transfer? token amount sender recipient))","Reject transfers where sender equals recipient to avoid bugs"
9,medium,access,unprotected-mint,"Anyone can mint tokens","(define-public (mint (amount uint)) (ft-mint? token amount tx-sender))","(define-public (mint (amount uint)) (begin (asserts! (is-eq tx-sender minter) ERR-UNAUTHORIZED) (ft-mint? token amount tx-sender)))","Restrict minting to authorized addresses only"
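10,medium,access,tx-sender-vs-caller,"Wrong sender check","(asserts! (is-eq contract-caller owner) ERR-UNAUTHORIZED)","(asserts! (is-eq tx-sender owner) ERR-UNAUTHORIZED)","Use tx-sender for auth, not contract-caller. Caveat: tx-sender stays the transaction originator through intermediate contract calls (unless changed by as-contract), so this check also passes when the owner reaches the function through another contract; where only direct calls should be authorized, check contract-caller as well"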
11,low,gas,unbounded-loop,"Loop without size limit","(map process-item (list-get items))","(begin (asserts! (<= (len items) u100) ERR-TOO-MANY) (map process-item items))","Limit iteration count to prevent excessive gas"
12,low,clarity,magic-numbers,"Hardcoded values","(if (> fee u100) ...)","(define-constant MAX-FEE u100) (if (> fee MAX-FEE) ...)","Use named constants for clarity and maintainability"
13,low,style,missing-error-constant,"Inline error codes","(err u100)","(define-constant ERR-UNAUTHORIZED (err u100))","Define error codes as named constants"
14,informational,docs,missing-comments,"No function documentation","(define-public (transfer (amount uint)) ...)",";;@desc Transfer tokens\n(define-public (transfer (amount uint)) ...)","Add comments to explain function purpose"
15,informational,naming,non-kebab-case,"Wrong naming convention","(define-public (transferTokens ...)","(define-public (transfer-tokens ...)","Use kebab-case for all identifiers"