Releases: zanzarini/EVMGuard
EVMGuard v1.3.0
Adds batch and multicall decoding.
Added
- The analyzer now unwraps batched calls and recursively analyzes each inner call, so a dangerous action hidden inside a batch is caught instead of reported as an unknown selector. Supported wrappers:
  - Multicall3: aggregate, aggregate3, aggregate3Value, tryAggregate
  - OpenZeppelin: multicall(bytes[])
  - Gnosis Safe: multiSend(bytes)
- Inner findings are labeled with their position and target, and a critical inner finding raises the overall severity. Nesting is followed up to a depth of 5.
- The decoder is dependency-free and bounds-checked; malformed batch calldata yields a transaction.batch-malformed warning rather than a failure.
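As an added illustration of the unwrapping this release describes (example code written for this page, not EVMGuard's own decoder), the Rust below bounds-checks and recursively unwraps two of the listed wrappers, OpenZeppelin multicall(bytes[]) and Multicall3 aggregate, labels every inner call with its position path and target, stops following wrappers at a nesting depth of 5, and turns truncated or out-of-range batch calldata into a warning finding instead of a panic. The selector constants, the Finding type, the encoders and the constructed sample transaction are all assumptions made for the example.

```rust
// Added example (not EVMGuard's own code): unwrapping batched calls recursively. Assumed:
// the two selectors are the standard ones for multicall(bytes[]) and Multicall3
// aggregate((address,bytes)[]); depth limit and warning semantics follow the release note.
const MAX_DEPTH: usize = 5;
const SEL_OZ_MULTICALL: [u8; 4] = [0xac, 0x96, 0x50, 0xd8]; // multicall(bytes[])
const SEL_MC3_AGGREGATE: [u8; 4] = [0x25, 0x2d, 0xba, 0x42]; // aggregate((address,bytes)[])
const BAD: &str = "truncated calldata or out-of-range offset";
/// (target, inner calldata); a `None` target means "same contract as the wrapper".
pub type Call = (Option<[u8; 20]>, Vec<u8>);
#[derive(Debug, Clone, PartialEq)]
pub enum Finding {
    Leaf { path: Vec<usize>, target: Option<[u8; 20]>, selector: [u8; 4] }, // path = index per nesting level
    BatchMalformed { path: Vec<usize>, reason: &'static str },              // a warning, not a failed run
    DepthExceeded { path: Vec<usize> },                                      // wrapper at depth >= MAX_DEPTH
}
/// Bounds-checked 32-byte word read.
fn word(d: &[u8], at: usize) -> Option<&[u8]> { d.get(at..at.saturating_add(32)) }
/// Word used as a length or offset; anything above u32::MAX is rejected outright.
fn word_usize(d: &[u8], at: usize) -> Option<usize> {
    let w = word(d, at)?;
    w[..28].iter().all(|&b| b == 0).then(|| u32::from_be_bytes([w[28], w[29], w[30], w[31]]) as usize)
}
/// ABI `bytes` whose length word sits at `at`; the payload must lie inside the buffer.
fn abi_bytes(d: &[u8], at: usize) -> Option<&[u8]> {
    let (len, start) = (word_usize(d, at)?, at.saturating_add(32));
    d.get(start..start.saturating_add(len))
}
/// Dynamic-array head: (position of the first element slot, element count).
fn array_head(args: &[u8]) -> Result<(usize, usize), &'static str> {
    let arr = word_usize(args, 0).ok_or(BAD)?;
    Ok((arr.saturating_add(32), word_usize(args, arr).ok_or(BAD)?))
}
/// Position of element `i`; its offset is relative to the first element slot.
fn element(args: &[u8], base: usize, i: usize) -> Result<usize, &'static str> {
    let slot = base.saturating_add(i.saturating_mul(32));
    Ok(base.saturating_add(word_usize(args, slot).ok_or(BAD)?))
}
/// `bytes[]` (OpenZeppelin multicall): every element is a bare `bytes`.
fn decode_bytes_array(args: &[u8]) -> Result<Vec<Call>, &'static str> {
    let (base, n) = array_head(args)?;
    (0..n).map(|i| -> Result<Call, &'static str> {
        Ok((None, abi_bytes(args, element(args, base, i)?).ok_or(BAD)?.to_vec()))
    }).collect()
}
/// `(address,bytes)[]` (Multicall3 aggregate): dynamic tuples; the bytes offset is relative to the tuple.
fn decode_call_array(args: &[u8]) -> Result<Vec<Call>, &'static str> {
    let (base, n) = array_head(args)?;
    (0..n).map(|i| -> Result<Call, &'static str> {
        let tuple = element(args, base, i)?;
        let addr = word(args, tuple).ok_or(BAD)?;
        if addr[..12].iter().any(|&b| b != 0) { return Err("address word has non-zero padding"); }
        let data_at = tuple.saturating_add(word_usize(args, tuple.saturating_add(32)).ok_or(BAD)?);
        Ok((Some(addr[12..].try_into().unwrap()), abi_bytes(args, data_at).ok_or(BAD)?.to_vec()))
    }).collect()
}
/// Walk one call: supported wrappers are unwrapped and recursed into, anything else is a leaf.
pub fn analyze(target: Option<[u8; 20]>, calldata: &[u8], path: &mut Vec<usize>, depth: usize, out: &mut Vec<Finding>) {
    let sel: [u8; 4] = match calldata.get(..4).and_then(|s| s.try_into().ok()) {
        Some(s) => s,
        None => return out.push(Finding::BatchMalformed { path: path.clone(), reason: "shorter than a selector" }),
    };
    let args = &calldata[4..];
    let decoded = match sel {
        SEL_OZ_MULTICALL if depth < MAX_DEPTH => decode_bytes_array(args),
        SEL_MC3_AGGREGATE if depth < MAX_DEPTH => decode_call_array(args),
        SEL_OZ_MULTICALL | SEL_MC3_AGGREGATE => return out.push(Finding::DepthExceeded { path: path.clone() }),
        _ => return out.push(Finding::Leaf { path: path.clone(), target, selector: sel }),
    };
    match decoded {
        Err(reason) => out.push(Finding::BatchMalformed { path: path.clone(), reason }),
        Ok(calls) => for (i, (inner_target, inner)) in calls.into_iter().enumerate() {
            path.push(i);
            // A same-contract multicall inherits the wrapper's target; Multicall3 names its own.
            analyze(inner_target.or(target), &inner, path, depth + 1, out);
            path.pop();
        },
    }
}
// Encoders, used only to build the constructed sample (real input comes from the node).
fn uword(n: usize) -> [u8; 32] { let mut w = [0u8; 32]; w[24..].copy_from_slice(&(n as u64).to_be_bytes()); w }
fn padded(b: &[u8]) -> Vec<u8> { let mut v = b.to_vec(); v.resize((b.len() + 31) / 32 * 32, 0); v }
fn encode_array(sel: [u8; 4], elems: &[Vec<u8>]) -> Vec<u8> {
    let (mut out, mut tail): (Vec<u8>, Vec<u8>) = (sel.to_vec(), Vec::new());
    out.extend(uword(32)); out.extend(uword(elems.len()));
    for e in elems { out.extend(uword(elems.len() * 32 + tail.len())); tail.extend_from_slice(e); }
    out.extend(tail); out
}
pub fn encode_oz_multicall(inner: &[Vec<u8>]) -> Vec<u8> {
    encode_array(SEL_OZ_MULTICALL, &inner.iter().map(|c| [uword(c.len()).to_vec(), padded(c)].concat()).collect::<Vec<_>>())
}
pub fn encode_mc3_aggregate(calls: &[([u8; 20], Vec<u8>)]) -> Vec<u8> {
    encode_array(SEL_MC3_AGGREGATE, &calls.iter().map(|(t, c)| {
        [vec![0u8; 12], t.to_vec(), uword(64).to_vec(), uword(c.len()).to_vec(), padded(c)].concat()
    }).collect::<Vec<_>>())
}
fn main() {
    // Constructed sample: an unlimited ERC-20 approve hidden two wrappers deep.
    let approve = [vec![0x09, 0x5e, 0xa7, 0xb3], vec![0u8; 12], vec![0x11u8; 20], vec![0xffu8; 32]].concat();
    let tx = encode_mc3_aggregate(&[([0x22u8; 20], encode_oz_multicall(&[approve]))]);
    let mut out = Vec::new();
    analyze(None, &tx, &mut Vec::new(), 0, &mut out);
    println!("{:?}", out); // one Leaf at path [0, 0] whose target is the token address
}
```

Gnosis Safe multiSend(bytes) is deliberately left out of this block: its payload is a packed sequence of (operation, to, value, data length, data) records rather than ABI-encoded dynamic arrays, so it needs a different reader from the two shown here. Every offset and length read goes through word_usize and abi_bytes, which is what keeps a hostile length word from turning into an out-of-bounds slice.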
Install with cargo install evmguard. Linux, Windows, and macOS binaries are attached below.
EVMGuard v1.2.1
Correctness patch over 1.2.0.
Fixed
- Calldata selector matching is now case insensitive. Uppercase or mixed-case calldata was previously mislabeled transaction.unknown-selector, so an unlimited approval encoded in uppercase hex was not flagged as critical.
- Maximum uint160 detection now requires a full 32-byte word, removing a latent false positive.
- TOML configuration rejects unknown keys, so a misspelled section or rule name is reported instead of silently ignored.
- SARIF rule severity now reflects the highest severity seen per rule id.
- The preflight, trace, and proxy usage strings list --config, and the --rpc-url rejection message names the correct command.
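The three detection fixes above (case-insensitive selector matching, a full 32-byte word for the maximum uint160 check, and one SARIF level per rule id taken as the highest severity seen) are shown together in this added Rust example, which is written for this page and is not EVMGuard's own rule code. The severity ladder, every rule id other than transaction.unknown-selector, and the Permit2 approve selector value are assumptions; the sample calldata is constructed.

```rust
// Added example (not EVMGuard's own code). Assumed: the Severity ladder, all rule ids except
// transaction.unknown-selector, and the Permit2 approve selector value below.
use std::collections::BTreeMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Low, Medium, High, Critical }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding { pub rule_id: &'static str, pub severity: Severity }

const SEL_ERC20_APPROVE: [u8; 4] = [0x09, 0x5e, 0xa7, 0xb3]; // approve(address,uint256)
// Assumed value for Permit2 approve(address,address,uint160,uint48); verify against the ABI.
const SEL_PERMIT2_APPROVE: [u8; 4] = [0x87, 0x51, 0x7c, 0x45];

/// Hex calldata -> bytes. The digit parser accepts either case, so "0x095EA7B3" and
/// "0x095ea7b3" yield the same selector instead of falling through to unknown-selector.
pub fn decode_hex(s: &str) -> Option<Vec<u8>> {
    let s = s.strip_prefix("0x").or_else(|| s.strip_prefix("0X")).unwrap_or(s);
    if !s.is_ascii() || s.len() % 2 != 0 { return None; }
    (0..s.len()).step_by(2).map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok()).collect()
}

fn word(args: &[u8], at: usize) -> Option<&[u8]> { args.get(at..at.checked_add(32)?) }
fn is_max_uint256(w: &[u8]) -> bool { w.len() == 32 && w.iter().all(|&b| b == 0xff) }
/// Max uint160 is 12 zero bytes then 20 0xff bytes; a shorter slice that merely ends in
/// 0xff bytes (for example truncated calldata) must not match.
fn is_max_uint160(w: &[u8]) -> bool {
    w.len() == 32 && w[..12].iter().all(|&b| b == 0) && w[12..].iter().all(|&b| b == 0xff)
}

fn finding(rule_id: &'static str, severity: Severity) -> Finding { Finding { rule_id, severity } }

/// Classify one transaction's calldata into a single finding.
pub fn classify(calldata_hex: &str) -> Finding {
    let data = match decode_hex(calldata_hex) {
        Some(d) if d.len() >= 4 => d,
        _ => return finding("transaction.calldata-malformed", Severity::Low),
    };
    let (sel, args) = data.split_at(4);
    match <[u8; 4]>::try_from(sel).unwrap() {
        // approve(address spender, uint256 amount): the amount is the second word.
        SEL_ERC20_APPROVE => match word(args, 32) {
            Some(v) if is_max_uint256(v) => finding("transaction.erc20-unlimited-allowance", Severity::Critical),
            Some(_) => finding("transaction.erc20-allowance", Severity::High),
            None => finding("transaction.calldata-truncated", Severity::Medium),
        },
        // approve(address token, address spender, uint160 amount, uint48 expiration): third word.
        SEL_PERMIT2_APPROVE => match word(args, 64) {
            Some(v) if is_max_uint160(v) => finding("transaction.permit2-unlimited-allowance", Severity::Critical),
            Some(_) => finding("transaction.permit2-allowance", Severity::High),
            None => finding("transaction.calldata-truncated", Severity::Medium),
        },
        _ => finding("transaction.unknown-selector", Severity::Low),
    }
}

/// SARIF carries one level per rule id: keep the highest severity observed for that id.
pub fn rule_levels(findings: &[Finding]) -> BTreeMap<&'static str, Severity> {
    let mut levels = BTreeMap::new();
    for f in findings {
        let level = levels.entry(f.rule_id).or_insert(f.severity);
        if f.severity > *level { *level = f.severity; }
    }
    levels
}

fn main() {
    // Constructed sample: an unlimited approve in uppercase hex, the case 1.2.0 mislabeled.
    let tx = format!("0x095EA7B3{}{}{}", "00".repeat(12), "11".repeat(20), "FF".repeat(32));
    println!("{:?}", classify(&tx)); // transaction.erc20-unlimited-allowance, Critical
}
```

The point of is_max_uint160 taking the whole word rather than the last 20 bytes is the false positive the release note mentions: a calldata buffer that ends 20 bytes short still ends in 0xff bytes, and a suffix comparison would report an unlimited allowance that was never encoded.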
Linux, Windows, and macOS binaries are attached below.
EVMGuard v1.2.0
Added
- ERC-20 allowance increase detection, with an unlimited-allowance finding for maximum values.
- ERC-20 permit (EIP-2612) signed approval detection, with an unlimited-allowance finding for maximum values.
- ERC-20 transfer and transferFrom detection for transaction context.
- Contract creation (CREATE and CREATE2) findings in execution traces.
- Uniswap Permit2 detection: allowance approve with an unlimited uint160 finding, signed permit and permitTransferFrom, and transferFrom.
Changed
- JSON and SARIF reports are now produced by a serializer, which sorts object keys and guarantees well-formed output.
Fixed
- JSON and SARIF rendering now escapes all control characters in the U+0000 to U+001F range, preventing invalid output.
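The two report changes in this release, sorted object keys and escaping of the U+0000 to U+001F range, are shown in the following added Rust example. It is written for this page and is not EVMGuard's serializer; the Json type and the sample finding are constructed for the illustration.

```rust
// Added example (not EVMGuard's own serializer): a minimal JSON emitter that keeps object
// keys sorted and escapes every control character below U+0020.
use std::collections::BTreeMap;
use std::fmt::Write;

#[derive(Debug, Clone, PartialEq)]
pub enum Json { Null, Bool(bool), Int(i64), Str(String), Arr(Vec<Json>), Obj(BTreeMap<String, Json>) }

/// Append `s` as a JSON string literal. Short escapes cover the common controls; every other
/// code point below U+0020 becomes \u00XX, which an unescaped renderer would emit raw and
/// thereby produce invalid JSON.
pub fn push_escaped(out: &mut String, s: &str) {
    out.push('"');
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            '\u{8}' => out.push_str("\\b"),
            '\u{c}' => out.push_str("\\f"),
            c if (c as u32) < 0x20 => write!(out, "\\u{:04x}", c as u32).unwrap(),
            c => out.push(c),
        }
    }
    out.push('"');
}

/// Render a value. BTreeMap iterates in key order, so object output is deterministic.
pub fn render(v: &Json, out: &mut String) {
    match v {
        Json::Null => out.push_str("null"),
        Json::Bool(b) => out.push_str(if *b { "true" } else { "false" }),
        Json::Int(n) => out.push_str(&n.to_string()),
        Json::Str(s) => push_escaped(out, s),
        Json::Arr(items) => {
            out.push('[');
            for (i, item) in items.iter().enumerate() {
                if i > 0 { out.push(','); }
                render(item, out);
            }
            out.push(']');
        }
        Json::Obj(fields) => {
            out.push('{');
            for (i, (k, val)) in fields.iter().enumerate() {
                if i > 0 { out.push(','); }
                push_escaped(out, k);
                out.push(':');
                render(val, out);
            }
            out.push('}');
        }
    }
}

pub fn to_json(v: &Json) -> String { let mut s = String::new(); render(v, &mut s); s }

fn main() {
    // Constructed finding: a message carrying a raw control byte, keys inserted out of order.
    let mut f = BTreeMap::new();
    f.insert("ruleId".to_string(), Json::Str("transaction.unknown-selector".into()));
    f.insert("message".to_string(), Json::Str("bad\u{1}name\n".into()));
    println!("{}", to_json(&Json::Obj(f)));
}
```

Because the control-character case is a guard on the code point rather than a list of named characters, a new control byte in a finding message (say, from a contract revert string) cannot slip through unescaped.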
Linux, Windows, and macOS binaries are attached below.
EVMGuard v1.1.0
EVMGuard v1.1.0 expands the project with Anvil integration testing, coverage artifacts, release binaries, configurable high-risk recipients, and new transaction risk findings.
This release detects NFT operator approvals, privileged contract actions, zero-address recipients, and configured high-risk recipients.
Validation completed with Rust tests, Anvil integration, coverage reporting, and GitHub Actions.
EVMGuard v1.0.0
First stable release of EVMGuard.
Includes transaction inspection, JSON-RPC preflight, call trace analysis, EIP-1967 and UUPS proxy inspection, TOML configuration, compiled rule packs, JSON and SARIF reporting, and continuous integration.
Validation completed with cargo fmt, cargo clippy, cargo test, and GitHub Actions.
EVMGuard v0.1.0
Highlights
- Static ERC-20 approval inspection.
- RPC preflight with chain validation and gas estimation.
- EVM call trace analysis for delegate calls, internal transfers, and execution errors.
- EIP-1967 and UUPS proxy inspection.
- SARIF 2.1.0 reports and a manual Code Scanning workflow.
Validation
The release commit passed formatting, lint, unit tests, integration tests, and GitHub Actions CI.