Rust for Web 3.0

[ahmed-farid-dev]

Description of the issue

• Given Rust's growing adoption in Web3 and DeFi ecosystems, I’d like to propose adding new CodeQL queries that target recurring vulnerability patterns specific to these domains—such as unchecked authority, unsafe deserialization, and CPI-based reentrancy. These issues often follow consistent structures and could be systematically detected to improve security coverage for Rust smart contracts.

I’d love to contribute to expanding CodeQL’s coverage for Rust-based DeFi vulnerabilities since I have participated in many rust audit contest

[smowton]

Thanks for your interest -- contributions would be welcome; I recommend creating an experimental query directory under rust, mirroring for example the pattern seen at https://github.com/github/codeql/tree/main/java/ql/src/experimental, which would allow a query to potentially be accepted into the codeql repository without becoming selected by default for CodeQL and Code Scanning users.

[geoffw0]

Do you have any examples of unsafe deserialization in Rust?