SWC智能合约漏洞库

SWC-108/未声明状态变量可见性

显式声明状态变量的可见性可以更轻松地捕获关于谁可以访问变量的错误假设。

CWE漏洞分类

CWE-710:未正确遵循编码规范

整改方案

变量可被指定为public,internal或private。明确定义所有状态变量的可见性。

参考文献

合约示例

storage.sol

pragma solidity 0.4.24;

contract TestStorage {

    uint storeduint1 = 15;
    uint constant constuint = 16;
    uint32 investmentsDeadlineTimeStamp = uint32(now); 

    bytes16 string1 = "test1"; 
    bytes32 private string2 = "test1236"; 
    string public string3 = "lets string something"; 

    mapping (address => uint) public uints1; 
    mapping (address => DeviceData) structs1; 

    uint[] uintarray; 
    DeviceData[] deviceDataArray; 

    struct DeviceData {
        string deviceBrand;
        string deviceYear;
        string batteryWearLevel;
    }

    function testStorage() public  {
        address address1 = 0xbccc714d56bc0da0fd33d96d2a87b680dd6d0df6;
        address address2 = 0xaee905fdd3ed851e48d22059575b9f4245a82b04;

        uints1[address1] = 88;
        uints1[address2] = 99;

        DeviceData memory dev1 = DeviceData("deviceBrand", "deviceYear", "wearLevel");

        structs1[address1] = dev1;

        uintarray.push(8000);
        uintarray.push(9000);

        deviceDataArray.push(dev1);
    }
}

storage.yaml

description: Default state variable visibility
issues:
- id: SWC-108
  count: 6
  locations:
  - bytecode_offsets: {}
    line_numbers:
      storage.sol: [5]
  - bytecode_offsets: {}
    line_numbers:
      storage.sol: [7]
  - bytecode_offsets: {}
    line_numbers:
      storage.sol: [9]
  - bytecode_offsets: {}
    line_numbers:
      storage.sol: [14]
  - bytecode_offsets: {}
    line_numbers:
      storage.sol: [16]
  - bytecode_offsets: {}
    line_numbers:
      storage.sol: [17]