genvm-recon — Static Analyzer for GenLayer Intelligent Contracts

Checks

Check	Severity	Description
runner_id	HIGH	Missing or non-pinned runner ID
storage_annotations	CRITICAL	Fields set in __init__ without class-level annotation — state not persisted
nondet_pattern	CRITICAL	exec_prompt called directly in @gl.public.write
self_in_nondet	CRITICAL	self.* accessed inside leader_fn / validator_fn
import_style	MEDIUM	from genlayer import * is deprecated — use import genlayer as gl
constructor_arg_types	HIGH	Unsupported types in storage (int, list, dict, float)
nondet_result_unused	HIGH	run_nondet_unsafe() result not assigned to storage
missing_return_type	MEDIUM	Missing return type on public methods — breaks schema
dead_write_method	LOW	@gl.public.write never modifies storage — use @gl.public.view
gl_contract_base	HIGH	Bare Contract base class — use gl.contract.Contract

Calldata Fuzzer — Derived from confirmed GenVM CVEs

Generates malformed calldata payloads based on two confirmed GenVM vulnerabilities:
CVE-1 Vec::with_capacity OOM via attacker-controlled array length (250pt accepted)
CVE-2 leader_nondet_results empty-element panic (submitted Jun 12 2026)