| Rule Id | Error | Recommended | Deprecated |
|---|---|---|---|
| code-complexity | Function has cyclomatic complexity “current” but allowed no more than maxcompl. | ||
| explicit-types | Forbid or enforce explicit types (like uint256) that have an alias (like uint). | $~~~~~~~~$✔️ | |
| function-max-lines | Function body contains “count” lines but allowed no more than maxlines. | ||
| max-line-length | Line length must be no more than maxlen. | ||
| max-states-count | Contract has “some count” states declarations but allowed no more than maxstates. | $~~~~~~~~$✔️ | |
| no-console | No console.log/logInt/logBytesX/logString/etc & No hardhat and forge-std console.sol import statements. | $~~~~~~~~$✔️ | |
| no-empty-blocks | Code block has zero statements inside. Exceptions apply. | $~~~~~~~~$✔️ | |
| no-global-import | Import statement includes an entire file instead of selected symbols. | $~~~~~~~~$✔️ | |
| no-unused-import | Imported object name is not being used by the contract. | $~~~~~~~~$✔️ | |
| no-unused-vars | Variable “name” is unused. | $~~~~~~~~$✔️ | |
| one-contract-per-file | Enforces the use of ONE Contract per file see here | $~~~~~~~~$✔️ | |
| payable-fallback | When fallback is not payable and there is no receive function you will not be able to receive currency. | $~~~~~~~~$✔️ | |
| reason-string | Require or revert statement must have a reason string and check that each reason string is at most N characters long. | $~~~~~~~~$✔️ | |
| constructor-syntax | Constructors should use the new constructor keyword. |
| Rule Id | Error | Recommended | Deprecated |
|---|---|---|---|
| interface-starts-with-i | Solidity Interfaces names should start with an I |
||
| duplicated-imports | Check if an import is done twice in the same file and there is no alias | ||
| const-name-snakecase | Constant name must be in capitalized SNAKE_CASE. (Does not check IMMUTABLES, use immutable-vars-naming) | $~~~~~~~~$✔️ | |
| contract-name-capwords | Contract, Structs and Enums should be in CapWords. | $~~~~~~~~$✔️ | |
| event-name-capwords | Event name must be in CapWords. | $~~~~~~~~$✔️ | |
| foundry-test-functions | Enforce naming convention on functions for Foundry test cases | ||
| func-name-mixedcase | Function name must be in mixedCase. | $~~~~~~~~$✔️ | |
| func-named-parameters | Enforce named parameters for function calls with 4 or more arguments. This rule may have some false positives | ||
| func-param-name-mixedcase | Function param name must be in mixedCase. | ||
| immutable-vars-naming | Check Immutable variables. Capitalized SNAKE_CASE or mixedCase depending on configuration. | $~~~~~~~~$✔️ | |
| modifier-name-mixedcase | Modifier name must be in mixedCase. | ||
| named-parameters-mapping | Solidity v0.8.18 introduced named parameters on the mappings definition. | ||
| private-vars-leading-underscore | Non-external functions and state variables should start with a single underscore. Others, shouldn’t | ||
| use-forbidden-name | Avoid to use letters ‘I’, ‘l’, ‘O’ as identifiers. | $~~~~~~~~$✔️ | |
| var-name-mixedcase | Variable names must be in mixedCase. (Does not check IMMUTABLES, use immutable-vars-naming) | $~~~~~~~~$✔️ | |
| imports-on-top | Import statements must be on top. | $~~~~~~~~$✔️ | |
| imports-order | Order the imports of the contract to follow a certain hierarchy (read “Notes section”) | ||
| ordering | Check order of elements in file and inside each contract, according to the style guide | ||
| visibility-modifier-order | Visibility modifier must be first in list of modifiers. | $~~~~~~~~$✔️ |
| Rule Id | Error | Recommended | Deprecated |
|---|---|---|---|
| gas-calldata-parameters | Suggest calldata keyword on function arguments when read only | ||
| gas-custom-errors | Enforces the use of Custom Errors over Require with strings error and Revert statements | $~~~~~~~~$✔️ | |
| gas-increment-by-one | Suggest increments by one, like this ++i instead of other type | ||
| gas-indexed-events | Suggest indexed arguments on events for uint, bool and address | ||
| gas-length-in-loops | Suggest replacing object.length in a loop condition to avoid calculation on each lap | ||
| gas-multitoken1155 | ERC1155 is a cheaper non-fungible token than ERC721 | ||
| gas-named-return-values | Enforce the return values of a function to be named | ||
| gas-small-strings | Keep strings smaller than 32 bytes | ||
| gas-strict-inequalities | Suggest Strict Inequalities over non Strict ones | ||
| gas-struct-packing | Suggest to re-arrange struct packing order when it is inefficient |
| Rule Id | Error | Recommended | Deprecated |
|---|---|---|---|
| comprehensive-interface | Check that all public or external functions are overridden. This is useful to make sure that the whole API is extracted in an interface. | ||
| import-path-check | Check if an import file exits in target path | $~~~~~~~~$✔️ | |
| quotes | Enforces the use of double or simple quotes as configured for string literals. Values must be ‘single’ or ‘double’. | $~~~~~~~~$✔️ |
| Rule Id | Error | Recommended | Deprecated |
|---|---|---|---|
| avoid-call-value | Avoid to use “.call.value()()”. | $~~~~~~~~$✔️ | |
| avoid-low-level-calls | Avoid to use low level calls. | $~~~~~~~~$✔️ | |
| avoid-sha3 | Use “keccak256” instead of deprecated “sha3”. | $~~~~~~~~$✔️ | |
| avoid-suicide | Use “selfdestruct” instead of deprecated “suicide”. | $~~~~~~~~$✔️ | |
| avoid-throw | “throw” is deprecated, avoid to use it. | $~~~~~~~~$✔️ | |
| avoid-tx-origin | Avoid to use tx.origin. | $~~~~~~~~$✔️ | |
| check-send-result | Check result of “send” call. | $~~~~~~~~$✔️ | |
| compiler-version | Compiler version must satisfy a semver requirement. | $~~~~~~~~$✔️ | |
| func-visibility | Explicitly mark visibility in function. | $~~~~~~~~$✔️ | |
| multiple-sends | Avoid multiple calls of “send” method in single transaction. | $~~~~~~~~$✔️ | |
| no-complex-fallback | Fallback function must be simple. | $~~~~~~~~$✔️ | |
| no-inline-assembly | Avoid to use inline assembly. It is acceptable only in rare cases. | $~~~~~~~~$✔️ | |
| not-rely-on-block-hash | Do not rely on “block.blockhash”. Miners can influence its value. | $~~~~~~~~$✔️ | |
| not-rely-on-time | Avoid making time-based decisions in your business logic. | ||
| reentrancy | Possible reentrancy vulnerabilities. Avoid state changes after transfer. | $~~~~~~~~$✔️ | |
| state-visibility | Explicitly mark visibility of state. | $~~~~~~~~$✔️ |