Kingdom: Errors
Errors and error handling represent a class of API. Errors related to error handling are so common that they deserve a special kingdom of their own. As with "API Abuse," there are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle.
Code Correctness: Typographical Error
Abstract
The contract uses an operation that is prone to typographical errors.
Explanation
A typographical error on an operation can lead to unexpected results. For example, if the intention is to add a number to a variable using
Example 1 The following code is intended to add a number to the variable
+= but it is written as =+, the operation is still valid. However, instead of carrying out the addition, it re-initializes the variable.Example 1 The following code is intended to add a number to the variable
numberOne. However, using the =+ operator actually re-initializes the variable to 1.
uint numberOne = 1;
function alwaysOne() public {
numberOne =+ 1;
}
References
[1] Enterprise Ethereum Alliance Typographic Conventions
[2] Standards Mapping - CIS Azure Kubernetes Service Benchmark 2
[3] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 5
[4] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 3
[5] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[6] Standards Mapping - Common Weakness Enumeration CWE ID 480
[7] Standards Mapping - Smart Contract Weakness Classification SWC-129
desc.structural.solidity.swc129