01.SWC-100_Function Default Visibility
2023-07-13 16:10:30 # 09.SWC


Function Default Visibility

  • Description: Functions that do not have a function visibility type specified are public by default. This can lead to a vulnerability if a developer forgets to set the visibility and a malicious user is able to make unauthorized or unintended state changes.

  • Remediation: Functions can be specified as being external, public, internal or private. It is recommended to make a conscious decision on which visibility type is appropriate for a function. This can dramatically reduce the attack surface of a contract system.

vulnerable contract:

pragma solidity ^0.4.24;

contract HashForEther {

    function withdrawWinnings() { // fix: declare as public explicitly
        // Winner if the last 8 hex characters of the address are 0.
        require(uint32(msg.sender) == 0);
        _sendWinnings();
    }

    function _sendWinnings() { // fix: declare as internal
        msg.sender.transfer(this.balance);
    }
}
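The remediated form of the contract above, as an added example that is not part of the original page: every function carries an explicit visibility specifier, and `_sendWinnings` is `internal` so it can no longer be reached by an external transaction. The contract name `HashForEtherFixed`, the `receive` function and the `require` error string are my own additions; the winner check is the one from the original. The pragma is raised to ^0.8.0 because Solidity 0.5.0 and later refuse to compile a function with no visibility specifier, so the compiler itself catches the SWC-100 mistake.

```solidity
// SPDX-License-Identifier: MIT
// Added example (not from the original page): HashForEther with every
// function's visibility stated explicitly. With solc >= 0.5.0 a function
// that omits its visibility is a compile error, not a silent "public".
pragma solidity ^0.8.0;

contract HashForEtherFixed {
    // Lets the contract hold the Ether that a winner later withdraws
    // (assumed: the original shows no funding path).
    receive() external payable {}

    // Intentionally callable by anyone: this is the contract's entry point,
    // so it is `public` by decision rather than by omission.
    function withdrawWinnings() public {
        // Winner if the last 8 hex characters of the address are 0.
        // In 0.8 an address must go through uint160 before narrowing.
        require(uint32(uint160(msg.sender)) == 0, "not a winner");
        _sendWinnings();
    }

    // `internal`: reachable only from this contract (and contracts that
    // derive from it), never from an external call. This is the function
    // the missing specifier in the original exposed.
    function _sendWinnings() internal {
        payable(msg.sender).transfer(address(this).balance);
    }
}
```

Since `withdrawWinnings` is never called from inside the contract, `external` would be the narrowest correct choice and saves a little gas; `public` is kept here only to match the fix suggested in the original comments. A quick check for older code bases: compiling the 0.4 contract with the pragma bumped to ^0.5.0 or later makes solc report a SyntaxError that no visibility was specified, which is a cheap way to flag every function that is public only by default.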