SWC-108/未声明状态变量可见性
显式声明状态变量的可见性可以更轻松地捕获关于谁可以访问变量的错误假设。
CWE漏洞分类
整改方案
变量可被指定为 public、internal 或 private；未显式指定时，状态变量默认为 internal。应明确定义所有状态变量的可见性。注意：private 只限制其他合约的访问，链上存储的数据仍可被任何人读取，不应以此保护机密信息。
参考文献
合约示例
storage.sol
pragma solidity 0.4.24;
// Sample contract for SWC-108 (state variable default visibility).
// Several state variables below omit a visibility keyword and therefore fall back
// to Solidity's default, `internal`. The code is intentionally left unfixed so the
// finding stays visible; the remediation is to write `public`, `internal` or
// `private` explicitly on every state variable.
// Visibility only governs access from other contracts and whether a getter is
// generated: all contract storage, including `private` variables, can still be
// read from chain state, so it is not a confidentiality control.
contract TestStorage {
// No visibility keyword -> defaults to internal.
uint storeduint1 = 15;
// No visibility keyword; compile-time constant.
uint constant constuint = 16;
// No visibility keyword -> defaults to internal.
// Initialised from `now` (block timestamp) narrowed to uint32 when the contract is created.
uint32 investmentsDeadlineTimeStamp = uint32(now);
// No visibility keyword -> defaults to internal. Despite the name, the type is bytes16.
bytes16 string1 = "test1";
// Explicitly private: not accessible from derived or external contracts,
// but the stored value is still readable off-chain.
bytes32 private string2 = "test1236";
// Explicitly public: the compiler generates a getter.
string public string3 = "lets string something";
// Explicitly public mapping: the compiler generates a getter keyed by address.
mapping (address => uint) public uints1;
// No visibility keyword -> defaults to internal.
mapping (address => DeviceData) structs1;
// No visibility keyword -> defaults to internal.
uint[] uintarray;
// No visibility keyword -> defaults to internal.
DeviceData[] deviceDataArray;
// Record type stored in structs1 and deviceDataArray; all three fields are strings.
struct DeviceData {
string deviceBrand;
string deviceYear;
string batteryWearLevel;
}
// Populates the mappings and arrays with fixed sample data.
// Declared public with no modifier or caller check, so any account can call it;
// every call pushes two more entries onto uintarray and one onto deviceDataArray.
function testStorage() public {
// Hard-coded sample addresses used as mapping keys.
address address1 = 0xbccc714d56bc0da0fd33d96d2a87b680dd6d0df6;
address address2 = 0xaee905fdd3ed851e48d22059575b9f4245a82b04;
uints1[address1] = 88;
uints1[address2] = 99;
// Built in memory, then copied into storage by the assignment and the push below.
DeviceData memory dev1 = DeviceData("deviceBrand", "deviceYear", "wearLevel");
structs1[address1] = dev1;
uintarray.push(8000);
uintarray.push(9000);
deviceDataArray.push(dev1);
}
}
storage.yaml
# Findings record for storage.sol: one issue id (SWC-108) with six reported locations.
# NOTE(review): the line numbers below do not line up with storage.sol as rendered on
# this page (counting from the pragma, line 7 here is `string2`, which is declared
# private); they presumably refer to the original file layout with blank lines - confirm
# against the source file before relying on them.
# NOTE(review): the listing shows seven declarations without a visibility keyword
# (including the constant `constuint`) while count is 6; which one is excluded cannot
# be determined from this page.
description: Default state variable visibility
issues:
- id: SWC-108
count: 6
locations:
- bytecode_offsets: {}
line_numbers:
storage.sol: [5]
- bytecode_offsets: {}
line_numbers:
storage.sol: [7]
- bytecode_offsets: {}
line_numbers:
storage.sol: [9]
- bytecode_offsets: {}
line_numbers:
storage.sol: [14]
- bytecode_offsets: {}
line_numbers:
storage.sol: [16]
- bytecode_offsets: {}
line_numbers:
storage.sol: [17]