SWC智能合约漏洞库

SWC-118/错误的构造函数名

构造函数是特殊函数,仅在合约创建期间调用一次。构造函数通常执行关键的特权操作, 例如设置合约所有者。在Solidity 0.4.22版之前,定义构造函数的唯一方法是创建一个 与包含它的合约类同名的函数。如果要成为构造函数的函数名称与合约类名称不完全匹配, 则该函数将成为常规的可调用函数。此行为有时会导致安全问题,尤其是当智能合约代码 以其他名称重复使用但忘记更改构造函数名称时。

CWE漏洞分类

CWE-665:初始化不正确

整改方案

Solidity版本0.4.22引入了一个新constructor关键字,使构造函数定义更清晰。因此, 建议将合约升级到Solidity编译器的最新版本,并更改​​为新的构造函数声明。

参考文献

SigmaPrime-构造函数

合约示例

correct_constructor_name1.sol

/*
 * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
 * @author: Ben Perez
 * Modified by Gerhard Wagner
 */


pragma solidity 0.4.24;

contract Missing{
    address private owner;

    modifier onlyowner {
        require(msg.sender==owner);
        _;
    }

    function missing()
        public 
    {
        owner = msg.sender;
    }

    function () payable {} 

    function withdraw() 
        public 
        onlyowner
    {
       owner.transfer(this.balance);
    }
}

correct_constructor_name1.yaml

description: Invalid constructor name variant 1
issues:
- id: SWC-118
  count: 1
  locations:
  - bytecode_offsets: {}
    line_numbers:
      incorrect_constructor_name1.sol: [18]

correct_constructor_name1_fixed.sol

/*
 * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
 * @author: Ben Perez
 * Modified by Gerhard Wagner
 */


pragma solidity ^0.4.24;

contract Missing{
    address private owner;

    modifier onlyowner {
        require(msg.sender==owner);
        _;
    }

    constructor()
        public
    {
        owner = msg.sender;
    }

    function () payable {}

    function withdraw()
        public
        onlyowner
    {
       owner.transfer(this.balance);
    }
}

correct_constructor_name1_fixed.yaml

description: Invalid constructor name variant 1 fixed
issues:
- id: SWC-118
  count: 0
  locations: []

correct_constructor_name2.sol

/*
 * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
 * @author: Ben Perez
 * Modified by Gerhard Wagner
 */

pragma solidity 0.4.24;

contract Missing{
    address private owner;

    modifier onlyowner {
        require(msg.sender==owner);
        _;
    }

    function Constructor()
        public 
    {
        owner = msg.sender;
    }

    function () payable {} 

    function withdraw() 
        public 
        onlyowner
    {
       owner.transfer(this.balance);
    }

}

correct_constructor_name2.yaml

description: Invalid constructor name variant 2
issues:
- id: SWC-118
  count: 1
  locations:
  - bytecode_offsets: {}
    line_numbers:
      incorrect_constructor_name2.sol: [17]

correct_constructor_name2_fixed.sol

/*
 * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
 * @author: Ben Perez
 * Modified by Gerhard Wagner
 */

pragma solidity ^0.4.24;

contract Missing{
    address private owner;

    modifier onlyowner {
        require(msg.sender==owner);
        _;
    }

    constructor()
        public
    {
        owner = msg.sender;
    }

    function () payable {}

    function withdraw()
        public
        onlyowner
    {
       owner.transfer(this.balance);
    }

}

correct_constructor_name2_fixed.yaml

description: Invalid constructor name variant 2 fixed
issues:
- id: SWC-118
  count: 0
  locations: []