SWC智能合约漏洞库


SWC-135/无效代码

在 Solidity 中，可以写出不会产生预期效果的代码。目前，Solidity 编译器不会对这类无效代码给出警告，这可能导致合约中引入无法正确执行预期动作的“死”代码。

例如，对于 msg.sender.call.value(address(this).balance)("")，很容易漏掉末尾的括号 ("")；这样函数会继续执行，却不会真正把资金转给 msg.sender。不过，这种情况本应通过检查 call 的返回值来避免。

CWE漏洞分类

CWE-1164:不相关的代码

整改方案

务必确保合约按预期工作。应编写单元测试来验证代码的行为是否正确。

参考文献

示例合约

deposit_box.sol

pragma solidity ^0.5.0;

contract DepositBox {
    mapping(address => uint) balance;

    // Accept a deposit: the ether sent (msg.value) must equal `amount`, otherwise the call reverts
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'incorrect amount');
        // Should update user balance -- but the next line is a comparison, not an assignment (SWC-135)
        balance[msg.sender] == amount; // effect-free: `==` is evaluated and its result discarded, so balance[msg.sender] is never written and the received ether is not credited
    }
}

deposit_box.yaml

description: Deposit box with effect-free statement
issues:
- id: SWC-135
  count: 1
  locations: 
  - bytecode_offsets: {}
    line_numbers:
      deposit_box.sol: [10]

deposit_box_fixed.sol

pragma solidity ^0.5.0;

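contract DepositBox {
    // Ether credited to each depositor, keyed by sender address.
    mapping(address => uint) balance;

    // Accept a deposit: the ether sent (msg.value) must equal `amount`, otherwise the call reverts.
    // Credits the sender's balance with the deposited amount.
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'incorrect amount');
        // Accumulate rather than overwrite: with a plain `=` a second deposit would replace the
        // earlier credit, leaving previously deposited ether unaccounted for.
        balance[msg.sender] += amount;
    }
}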

deposit_box_fixed.yaml

description: Deposit box with effect-free statement (fixed)
issues:
- id: SWC-135
  count: 0
  locations: []

wallet.sol

/*
 * @author: Kaden Zipfel
 */

pragma solidity ^0.5.0;

contract Wallet {
    mapping(address => uint) balance;

    // Deposit funds in contract; msg.value must equal `amount`. NOTE(review): `=` overwrites the stored balance, so a second deposit discards the first one's credit
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'msg.value must be equal to amount');
        balance[msg.sender] = amount;
    }

    // Withdraw funds from contract: debits the caller's balance, then tries to send `amount` to the caller
    function withdraw(uint amount) public {
        require(amount <= balance[msg.sender], 'amount must be less than balance');

        uint previousBalance = balance[msg.sender];
        balance[msg.sender] = previousBalance - amount;

        // Attempt to send amount from the contract to msg.sender -- but the line below never performs the send (SWC-135)
        msg.sender.call.value(amount); // effect-free: only sets the call value; the trailing ("") that executes the call is missing, so no ether leaves the contract although the balance was already debited, and the call's return value is never checked
    }
}

wallet.yaml

description: Wallet contract with effect-free statement
issues:
- id: SWC-135
  count: 1
  locations: 
  - bytecode_offsets: {}
    line_numbers:
      wallet.sol: [24]

wallet_fixed.sol

/*
 * @author: Kaden Zipfel
 */

pragma solidity ^0.5.0;

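contract Wallet {
    // Ether credited to each account, keyed by address.
    mapping(address => uint) balance;

    // Deposit funds in contract. The ether sent (msg.value) must equal `amount`, otherwise the call reverts.
    // Credits the sender's balance with the deposited amount.
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'msg.value must be equal to amount');
        // Accumulate rather than overwrite: with a plain `=` a second deposit would replace the
        // earlier credit, leaving previously deposited ether unaccounted for.
        balance[msg.sender] += amount;
    }

    // Withdraw funds from contract. Reverts if `amount` exceeds the caller's balance
    // or if the ether transfer fails.
    function withdraw(uint amount) public {
        require(amount <= balance[msg.sender], 'amount must be less than balance');

        // Debit the balance before the external call (checks-effects-interactions), so a
        // re-entrant call from the recipient already sees the reduced balance.
        uint previousBalance = balance[msg.sender];
        balance[msg.sender] = previousBalance - amount;

        // Send `amount` to msg.sender: the trailing ("") performs the call, and the returned
        // success flag must be checked because a low-level call does not revert on failure.
        (bool success, ) = msg.sender.call.value(amount)("");
        require(success, 'transfer failed');
    }
}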

wallet_fixed.yaml

description: Wallet contract with effect-free statement (fixed)
issues:
- id: SWC-135
  count: 0
  locations: []