Home / unionlabs / union
Repository Analysis

unionlabs/union

The trust-minimized, zero-knowledge bridging protocol, designed for censorship resistance, extremely high security, and usage in decentralized finance.

1.8 Likely human-written View on GitHub
1.8
Adjusted Score
1.8
Raw Score
100%
Time Factor
2026-05-28
Last Push
74,029
Stars
Rust
Language
440,633
Lines of Code
2696
Files
681
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 9HIGH 0MEDIUM 12LOW 660

Pattern Findings

681 matches across 10 categories. Click a row to expand file-level details.

Over-Commented Block630 hits · 628 pts
SeverityFileLineSnippet
LOWts-sdk-evm/src/internal/zkgmClient.ts301 // Effect.flatMap(
LOWsui/muno/Move.toml21muno = "0x0"
LOWsui/u/Move.toml21u = "0x0"
LOWcosmwasm/lightclient/movement/src/lib.rs1pub mod client;
LOWcosmwasm/lightclient/movement/src/lib.rs21 // // )
LOWcosmwasm/lightclient/movement/src/lib.rs41 // let state_proof: StateProof = serde_json::from_str(
LOWcosmwasm/lightclient/movement/src/lib.rs61
LOWcosmwasm/lightclient/movement/src/lib.rs81 // );
LOWcosmwasm/lightclient/attested/src/execute.rs121 Ok(Response::new().add_event(event))
LOWcosmwasm/lightclient/tendermint/src/client.rs401 .chain(key)
LOWcosmwasm/lightclient/tendermint/src/client.rs421// FROZEN_HEIGHT,
LOWcosmwasm/lightclient/tendermint/src/client.rs441// );
LOWcosmwasm/lightclient/tendermint/src/client.rs461// );
LOWcosmwasm/lightclient/tendermint/src/client.rs481// .unwrap(),
LOWcosmwasm/lightclient/tendermint/src/client.rs501// save_states_to_migrate_store(
LOWcosmwasm/lightclient/tendermint/src/client.rs521// deps.as_ref(),
LOWcosmwasm/lightclient/tendermint/src/client.rs541
LOWcosmwasm/lightclient/tendermint/src/client.rs561// s.upgrade_path.push(String::new()),
LOWcosmwasm/lightclient/tendermint/src/client.rs581// );
LOWcosmwasm/lightclient/cometbls/src/client.rs321}
LOWcosmwasm/lightclient/cometbls/src/client.rs341
LOWcosmwasm/lightclient/cometbls/src/client.rs361// )
LOWcosmwasm/lightclient/cometbls/src/client.rs381// WasmClientState,
LOWcosmwasm/lightclient/cometbls/src/client.rs401// }
LOWcosmwasm/lightclient/cometbls/src/client.rs421// );
LOWcosmwasm/lightclient/cometbls/src/client.rs441// );
LOWcosmwasm/lightclient/cometbls/src/client.rs461// wasm_consensus_state,
LOWcosmwasm/lightclient/cometbls/src/client.rs481// &state,
LOWcosmwasm/lightclient/cometbls/src/client.rs501
LOWcosmwasm/lightclient/berachain/src/errors.rs81
LOWcosmwasm/cw20-base/src/msg.rs41#[cw_serde]
LOWcosmwasm/deployer/src/main.rs81 #[arg(long)]
LOW…sm/osmosis-tokenfactory-token-minter/src/bank_types.rs41/// - Metadata:
LOWcosmwasm/on-zkgm-call-proxy/src/lib.rs61 /// Funds that should be forwarded to the destination contract.
LOWcosmwasm/core/msg/src/lightclient.rs41#[cfg_attr(feature = "schemars", derive(schemars::JsonSchema))]
LOWcosmwasm/core/msg/src/lightclient.rs61 #[serde(untagged)]
LOWcosmwasm/core/msg/src/lightclient.rs161#[cfg_attr(feature = "schemars", derive(schemars::JsonSchema))]
LOWcosmwasm/core/msg/src/lightclient.rs181 pub counterparty_chain_id: String,
LOWcosmwasm/core/msg/src/lightclient.rs201pub enum VerifyCreationResponseEvent {
LOWcosmwasm/core/light-client-interface/src/lib.rs441 type ClientState: Decode<Self::Encoding, Error: Error + 'static>
LOWcosmwasm/app/ucs03-zkgm/src/state.rs41/// Temporarily stores the acknowledgement from packet execution.
LOWcosmwasm/app/ucs03-zkgm/src/contract.rs1521 channel_id: packet.destination_channel_id,
LOWcosmwasm/app/ucs03-zkgm/src/contract.rs1541 // account, and queue the *same* sub messages. In this case, the instantiation will return with
LOWcosmwasm/app/ucs03-zkgm/src/msg.rs21
LOWcosmwasm/app/ucs03-zkgm/src/msg.rs41 pub dummy_code_id: u64,
LOWcosmwasm/access-managed/src/lib.rs1//! CosmWasm implementation of [OpenZeppelin][oz]'s [`AccessManaged.sol`][am].
LOWcosmwasm/cw20-wrapped-tokenfactory/src/msg.rs81 /// Returns metadata on the contract - name, decimals, supply, etc.
LOWcosmwasm/cw-escrow-vault/src/msg.rs21
LOWcosmwasm/ucs03-zkgm-token-minter-api/src/lib.rs61 #[serde(alias = "cw20_base_code_id")]
LOWcosmwasm/ucs03-zkgm-token-minter-api/src/lib.rs101
LOWcosmwasm/ucs03-zkgm-token-minter-api/src/lib.rs121 CreateDenom {
LOWcosmwasm/ucs03-zkgm-token-minter-api/src/lib.rs141 CreateDenomV2 {
LOWcosmwasm/lst-staker/src/lib.rs1// License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
LOWcosmwasm/lst-staker/src/lib.rs21//
LOWcosmwasm/lst-staker/src/lib.rs41//
LOWcosmwasm/lst-staker/src/event.rs1// License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
LOWcosmwasm/lst-staker/src/event.rs21//
LOWcosmwasm/lst-staker/src/event.rs41//
LOWcosmwasm/lst-staker/src/state.rs1// License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
LOWcosmwasm/lst-staker/src/state.rs21//
570 more matches not shown…
Hallucination Indicators9 hits · 90 pts
SeverityFileLineSnippet
CRITICALcosmwasm/lightclient/parlia/src/client.rs274 Timestamp::from_nanos(self.ctx.env.block.time.nanos())
CRITICALvoyager/plugins/client-update/parlia/src/main.rs461 logs_bloom: Box::new(block.header.inner.logs_bloom.0.into()),
CRITICALapp2/src/lib/dashboard/components/Leaderboard.svelte109 ? dashboard.leaderboard.value.leaderboard.value.slice(0, validatedShow)
CRITICALe2e/access-manager-tests/src/main.rs417 block.block.header.time.seconds.inner() as u64 > when.get()
CRITICALe2e/access-manager-tests/src/main.rs523 block.block.header.time.seconds.inner() as u64 > when.get()
CRITICALe2e/access-manager-tests/src/main.rs626 block.block.header.time.seconds.inner() as u64 > when.get()
CRITICALe2e/access-manager-tests/src/main.rs760 block.block.header.time.seconds.inner() as u64 > when.get()
CRITICALe2e/access-manager-tests/src/main.rs905 block.block.header.time.seconds.inner() as u64 > grant_role_schedule_when.get()
CRITICALe2e/access-manager-tests/src/main.rs906 && block.block.header.time.seconds.inner() as u64 > execute_schedule_when.get()
Hyper-Verbose Identifiers26 hits · 26 pts
SeverityFileLineSnippet
LOWtools/union-test/src/evm.rs1068 function predictStakeManagerAddress() public view returns (ZkgmERC721) ;
LOWapp2/src/lib/dashboard/errors.ts57export function mapSupabaseErrorToCustomError(
LOWapp2/src/lib/dashboard/components/WalletDisplay.svelte171function handleRemoveSelectedWallets() {
LOWapp2/src/lib/dashboard/components/WalletDialog.svelte110function selectCosmosAndSetDefaults() {
LOWapp2/src/lib/dashboard/components/Leaderboard.svelte39async function validateAndCacheImage(url: string): Promise<boolean> {
LOWapp2/src/lib/dashboard/components/WalletCard.svelte14function getChainDisplayNameForAvatar(chainId: string): string {
LOWapp2/src/lib/dashboard/components/WalletCard.svelte21function getChainDisplayNameForTitle(chainId: string, cat: WalletCategory): string {
LOWapp2/src/lib/wallet/sui/config.svelte.ts100function getConnectionErrorMessage(error: unknown): string | undefined {
LOWapp2/src/lib/wallet/evm/config.svelte.ts40function clearLastConnectedWalletId() {
LOWapp2/src/lib/wallet/evm/wagmi-config.svelte.ts350function createWagmiConfigInstance() {
LOWapp2/src/routes/explorer/orbital/canvasInit.ts64export function initializeCanvasWithCleanup(options: EnhancedCanvasInitOptions): () => void {
LOW…outes/explorer/orbital/charts/NetworkVisualizer.svelte178function createParticleFromTransfer(transfer: EnhancedTransferListItem) {
LOW…c/routes/explorer/orbital/charts/ChainFlowChart.svelte206function getAssetIncomingOutgoingWidths(
LOW…c/routes/explorer/orbital/charts/ChainFlowChart.svelte228function getIncomingOutgoingWidths(
LOW…routes/explorer/orbital/charts/AssetVolumeChart.svelte166function calculateRemainingRoutePercentage(routes: AssetRoute[]): number {
LOWsite/src/lib/contentful/live-preview.ts12export function initializeContentfulLivePreview({
LOWsite/src/lib/contentful/live-preview.ts70function findElementByDataAttribute({ entryId, fieldId }: { entryId: string; fieldId: string }) {
LOWsite/src/lib/contentful/functions.ts15export function initializeContentfulLivePreview({
LOWsite/src/lib/contentful/functions.ts138export function findElementByDataAttribute({
LOWtypescript-sdk/src/cosmos/wallet.ts21export function connectStargateWithSigner({
LOWtypescript-sdk/src/cosmos/wallet.ts56export function connectCosmwasmWithSigner({
LOWtypescript-sdk/src/cosmos/transfer.ts376export async function cosmosSameChainTransferSimulate({
LOWtypescript-sdk/src/evm/transfer.ts245export async function transferAssetFromEvmSimulate(
LOWtypescript-sdk/src/query/on-chain.ts244export async function getCosmosTransactionReceipt(params: {
LOWtypescript-sdk/src/query/on-chain.ts269export async function getCosmosAccountTransactions({
LOWtypescript-sdk/src/query/on-chain.ts295export async function getAptosAccountTransactions({
Self-Referential Comments5 hits · 15 pts
SeverityFileLineSnippet
MEDIUMcairo/zkgm/snfoundry.toml4# [sncast.default] # Define a profile name
MEDIUMcairo/ibc/snfoundry.toml4# [sncast.default] # Define a profile name
MEDIUMcairo/mock_client/snfoundry.toml4# [sncast.default] # Define a profile name
MEDIUMcairo/cometbls_light_client/snfoundry.toml4# [sncast.default] # Define a profile name
MEDIUMcairo/loopback_light_client/snfoundry.toml4# [sncast.default] # Define a profile name
Decorative Section Separators4 hits · 12 pts
SeverityFileLineSnippet
MEDIUMCargo.toml466# =====================
MEDIUMCargo.toml468# =====================
MEDIUMapp2/src/lib/gasprice/index.ts202 // ── MOCKED SUI GAS PRICE ─────────────────────────────────────────────
MEDIUMlib/arbitrum-types/src/lib.rs258 /// ├───────────┼─┼─┼───────────────┼───────────────┼──────────────┤
AI Slop Vocabulary2 hits · 6 pts
SeverityFileLineSnippet
MEDIUMvoyager/plugins/periodic-client-update/src/main.rs53 // never interested in any messages since this plugin does not utilize a queue
MEDIUMlib/voyager-vm/src/lib.rs161 /// The message that will utilize the aggregated data.
Verbosity Indicators2 hits · 3 pts
SeverityFileLineSnippet
LOWtypescript-sdk/src/query/offchain/ucs03-channels.ts196 // Step 1: Get the local WETH address
LOWtypescript-sdk/src/query/offchain/ucs03-channels.ts214 // Step 2: Predict the quote token for WETH, just like a regular token
Slop Phrases1 hit · 2 pts
SeverityFileLineSnippet
MEDIUMcosmwasm/cw20-base/src/lib.rs2This is a basic implementation of a cw20 contract. It implements
Redundant / Tautological Comments1 hit · 2 pts
SeverityFileLineSnippet
LOWunionvisor/src/testdata/home/config/config.toml254# Set true to enable the peer-exchange reactor
Fake / Example Data1 hit · 1 pts
SeverityFileLineSnippet
LOWmpc/edge/supabase/seed.sql177 display_name text NOT NULL DEFAULT ('John Doe')