SWC-135/无效代码
在 Solidity 中,可以写出不产生预期效果的代码。目前,Solidity 编译器不会对这类无效代码发出警告,这可能导致引入无法正确执行预期动作的“死”代码。
例如,对于 msg.sender.call.value(address(this).balance)("");
很容易漏掉最后的括号 ("")。漏掉后,函数会继续执行,但资金并不会转入 msg.sender。
不过,这种情况本应通过检查 call 的返回值来避免。
CWE漏洞分类
整改方案
务必确保合约按预期工作,这一点很重要。编写单元测试以验证代码的正确行为。
参考文献
示例合约
deposit_box.sol
pragma solidity ^0.5.0;
contract DepositBox {
    // Per-address deposited amount; never written by the code below.
    mapping(address => uint) balance;

    // Accept deposit
    // Accepts a deposit of exactly `amount` wei (must equal msg.value).
    // SWC-135 example: the "update" below is a comparison whose result is
    // discarded, so storage is never modified and the received ether has no
    // visible withdrawal path in this contract.
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'incorrect amount');
        // Should update user balance
        // BUG (intentional, SWC-135): `==` compares, it does not assign.
        balance[msg.sender] == amount;
    }
}
deposit_box.yaml
description: Deposit box with effect-free statement
issues:
- id: SWC-135
count: 1
locations:
- bytecode_offsets: {}
line_numbers:
deposit_box.sol: [10]
deposit_box_fixed.sol
pragma solidity ^0.5.0;
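contract DepositBox {
    // Per-address deposited amount, accumulated across deposits.
    mapping(address => uint) balance;

    // Accept deposit
    // Credits msg.sender with exactly `amount` wei, which must equal msg.value.
    // The balance is added to rather than overwritten, so a second deposit does
    // not discard the first; the explicit overflow guard is required because
    // ^0.5.0 has no checked arithmetic.
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'incorrect amount');
        // Should update user balance
        uint previousBalance = balance[msg.sender];
        require(previousBalance + amount >= previousBalance, 'balance overflow');
        balance[msg.sender] = previousBalance + amount;
    }
}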
deposit_box_fixed.yaml
description: Deposit box with effect-free statement (fixed)
issues:
- id: SWC-135
count: 0
locations: []
wallet.sol
/*
* @author: Kaden Zipfel
*/
pragma solidity ^0.5.0;
contract Wallet {
    // Per-address balance credited by deposit() and debited by withdraw().
    mapping(address => uint) balance;

    // Deposit funds in contract
    // Requires msg.value to equal `amount`. Note the balance is overwritten,
    // not accumulated, so a second deposit replaces the recorded amount.
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'msg.value must be equal to amount');
        balance[msg.sender] = amount;
    }

    // Withdraw funds from contract
    // Debits the caller's balance first (state update before the external
    // call), then intends to send `amount` wei to msg.sender.
    function withdraw(uint amount) public {
        require(amount <= balance[msg.sender], 'amount must be less than balance');
        uint previousBalance = balance[msg.sender];
        balance[msg.sender] = previousBalance - amount;
        // Attempt to send amount from the contract to msg.sender
        // BUG (intentional, SWC-135): `.call.value(amount)` only sets the value
        // option; without the trailing `("")` no call is made, so no ether
        // leaves the contract even though the balance was already reduced.
        msg.sender.call.value(amount);
    }
}
wallet.yaml
description: Wallet contract with effect-free statement
issues:
- id: SWC-135
count: 1
locations:
- bytecode_offsets: {}
line_numbers:
wallet.sol: [24]
wallet_fixed.sol
/*
* @author: Kaden Zipfel
*/
pragma solidity ^0.5.0;
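contract Wallet {
    // Per-address balance credited by deposit() and debited by withdraw().
    mapping(address => uint) balance;

    // Deposit funds in contract
    // Credits msg.sender with exactly `amount` wei, which must equal msg.value.
    // The balance is accumulated rather than overwritten, so repeated deposits
    // are not lost; the explicit overflow guard is needed because ^0.5.0 has
    // no checked arithmetic.
    function deposit(uint amount) public payable {
        require(msg.value == amount, 'msg.value must be equal to amount');
        uint previousBalance = balance[msg.sender];
        require(previousBalance + amount >= previousBalance, 'balance overflow');
        balance[msg.sender] = previousBalance + amount;
    }

    // Withdraw funds from contract
    // Debits the caller's balance before the external call, then sends
    // `amount` wei and reverts if the call fails so the debit is rolled back.
    function withdraw(uint amount) public {
        require(amount <= balance[msg.sender], 'amount must be less than balance');
        uint previousBalance = balance[msg.sender];
        balance[msg.sender] = previousBalance - amount;
        // Attempt to send amount from the contract to msg.sender
        (bool success, ) = msg.sender.call.value(amount)("");
        require(success, 'transfer failed');
    }
}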
wallet_fixed.yaml
description: Wallet contract with effect-free statement (fixed)
issues:
- id: SWC-135
count: 0
locations: []