SWC-129/笔误
例如,当已定义操作的意图是将一个数字与变量求和(+=),但意外地使用了错误的操作(=+) 就会出现笔误,而这恰好是有效的操作符,这不是计算总和,而是再次初始化变量。
一元+运算符在新的Solidity编译器版本中已弃用。
CWE漏洞分类
整改方案
可以通过对任何数学运算执行先决条件检查或使用经过审查的库进行算术计算来避免此问题, 例如OpenZeppelin开发的SafeMath。
参考文献
示例合约
typo_one_command.sol
pragma solidity ^0.4.25;
contract TypoOneCommand {
uint numberOne = 1;
function alwaysOne() public {
numberOne =+ 1;
}
}
typo_one_command.yaml
description: Typographical error in an operation of summing a variable (uint) with 1
issues:
- id: SWC-129
count: 1
locations:
- bytecode_offsets: {}
line_numbers:
typo_one_command.sol: [7]
typo_safe_math.sol
pragma solidity ^0.4.25;
/** Taken from the OpenZeppelin github
* @title SafeMath
* @dev Math operations with safety checks that revert on error
*/
library SafeMath {
/**
* @dev Multiplies two numbers, reverts on overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b);
return c;
}
/**
* @dev Integer division of two numbers truncating the quotient, reverts on division by zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
require(b > 0); // Solidity only automatically asserts when dividing by 0
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
/**
* @dev Subtracts two numbers, reverts on overflow (i.e. if subtrahend is greater than minuend).
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
require(b <= a);
uint256 c = a - b;
return c;
}
/**
* @dev Adds two numbers, reverts on overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a);
return c;
}
/**
* @dev Divides two numbers and returns the remainder (unsigned integer modulo),
* reverts when dividing by zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
require(b != 0);
return a % b;
}
}
contract TypoSafeMath {
using SafeMath for uint256;
uint256 public numberOne = 1;
bool public win = false;
function addOne() public {
numberOne =+ 1;
}
function addOneCorrect() public {
numberOne += 1;
}
function addOneSafeMath() public {
numberOne = numberOne.add(1);
}
function iWin() public {
if(!win && numberOne>3) {
win = true;
}
}
}
typo_safe_math.yaml
description: Typographical error in an operation of summing a variable (uint) with 1, it also includes a safe way to do it.
issues:
- id: SWC-129
count: 1
locations:
- bytecode_offsets: {}
line_numbers:
typo_safe_math.sol: [75]
typo_simple.sol
pragma solidity ^0.4.25;
contract TypoSimple {
uint onlyOne = 1;
bool win = false;
function addOne() public {
onlyOne =+ 1;
if(onlyOne>1) {
win = true;
}
}
function iWin() view public returns (bool) {
return win;
}
}
typo_simple.yaml
description: Typographical error in an operation of summing a variable (uint) with 1
issues:
- id: SWC-129
count: 1
locations:
- bytecode_offsets: {}
line_numbers:
typo_simple.sol: [9]