Adding the missing assignment rule

Author: beched

README.md

@@ -134,6 +134,8 @@ olympus-dao-staking-incorrect-call-order | OlympusDAO, FloorDAO, Heavens Gate, J
 compound-precision-loss | Hundred Finance, Midas Finance, Onyx Protocol | In Compound forks if there is a market with totalSupply = 0 and collateralFactor != 0 a precision loss attack is possible if redeemAmount is taken from the arguments of redeemFresh()
 thirdweb-vulnerability | Swopple Token, TIME Token, NAME Token, HXA Token | In contracts that support Multicall and ERC2771Context an Arbitrary Address Spoofing attack is possible
 exact-balance-check | Generic | Testing the balance of an account as a basis for some action has risks associated with unexpected receipt of ether or another token, including tokens deliberately transfered to cause such tests to fail, as an MEV attack.
+missing-assignment | Generic | Meaningless statement that does not change any values could be a sign of missed security checks or other important changes.
+
 
 ## Gas Optimization Rules
 

solidity/security/missing-assignment.sol

@@ -0,0 +1,53 @@
+contract Test {
+	// ok: missing-assignment
+    struct Kek {
+    	// ok: missing-assignment
+        mapping(uint256 => uint256) lol;
+    }
+
+    // ok: missing-assignment
+    function smth(uint256 _id) {
+    	// ok: missing-assignment
+        Kek puk;
+        // ruleid: missing-assignment
+        puk.lol[_id];
+        // ok: missing-assignment
+        uint256 haha = 123;
+        // ok: missing-assignment
+        haha = 321;
+        // ruleid: missing-assignment
+        haha;
+        // ruleid: missing-assignment
+        haha == 123;
+        // ok: missing-assignment
+        haha += 1;
+        // ok: missing-assignment
+        haha -= 1;
+        // ok: missing-assignment
+        haha++;
+        // ok: missing-assignment
+        haha--;
+        // ok: missing-assignment
+        --haha;
+        // ok: missing-assignment
+        ++haha;
+        // ok: missing-assignment
+        return haha;
+    }
+
+    // ok: missing-assignment
+    function doit(uint256 a) {}
+
+    function heh(uint256 _id) {
+    	// ok: missing-assignment
+        Kek puk;
+        // ok: missing-assignment
+        doit(puk.lol[_id]);
+        // ok: missing-assignment
+        doit(puk.lol[_id]);
+        // ruleid: missing-assignment
+        "heh";
+        // ok: missing-assignment
+        return;
+    }    
+}

solidity/security/missing-assignment.yaml

@@ -0,0 +1,47 @@
+rules:
+  - id: missing-assignment
+    message: Meaningless statement that does not change any values could be a sign of missed security checks or other important changes.
+    metadata:
+      category: security
+      technology:
+          - solidity
+      cwe: "CWE-1164: Irrelevant Code"
+      confidence: HIGH
+      likelihood: HIGH
+      impact: MEDIUM
+      subcategory:
+          - vuln
+    patterns:
+      - pattern-either:
+        - pattern: |
+            $X;
+        - pattern: |
+            $X[$Y];
+        - pattern: |
+            $X == $Y;
+      - pattern-not: $FUNC(...);
+      - pattern-not: $FUNC();
+      - pattern-not: $VAR++;
+      - pattern-not: $VAR--;
+      - pattern-not: ++$VAR;
+      - pattern-not: --$VAR;
+      - pattern-not: ... = ...;
+      - pattern-not: ... += ...;
+      - pattern-not: ... -= ...;
+      - pattern-not: $TYPE $VAR;
+      - pattern-not: return $VAR;
+      - pattern-not: return;
+      - pattern-not: continue;
+      - pattern-not: break;
+      - pattern-not: _;
+      - pattern-not: error $NAME();
+      - pattern-not: error $NAME($ARGS);
+      #- pattern-not: function $NAME($ARGS) virtual {} # doesn't work
+      - pattern-not: | # let's not match empty function bodies
+          {}
+      - metavariable-regex:
+          metavariable: $X
+          regex: "^\\S+$"
+    languages:
+      - solidity
+    severity: WARNING