Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
readObject()
method within the class calls a function that may be overridden.readObject()
acts like a constructor, so object initialization is not complete until this function ends. Therefore when a readObject()
function of a Serializable
class calls an overridable function, this may provide the overriding method access to the object's state prior to it being fully initialized.readObject()
function calls a method that can be overridden.
...
private void readObject(final ObjectInputStream ois) throws IOException, ClassNotFoundException {
checkStream(ois);
ois.defaultReadObject();
}
public void checkStream(ObjectInputStream stream){
...
}
checkStream()
and its enclosing class are not final
and public, it means that the function can be overridden, which may mean that an attacker may override the checkStream()
function in order to get access to the object during deserialization.private readonly
list variable from a getter-only property allows the calling code to modify the contents of the list, effectively giving the list write access and contradicting the intentions of the programmer who made it private readonly
._item
which is declared as private readonly
.
class Order
{
private readonly List<string> _item = new List<string>();
public IEnumerable<string> Item { get { return _item; } }
public Order()
{
/*class initialize */
}
/*some important function......*/
}
msg.sender.call.value
(Interaction).
function withdraw(uint amount) public{
if (credit[msg.sender] >= amount) {
require(msg.sender.call.value(amount)());
credit[msg.sender]-=amount;
}
}
Example 1
breaks the Checks-Effects-Interaction pattern by doing Checks-Interaction-Effects instead. This can lead to reentrancy if an attacking smart contract receives the Ether in a fallback function and immediately calls back withdraw
, creating a recursive situation where Ether is drained because the line of code that decreases the balance (aka the Effect) never gets executed.
Marker child = MarkerManager.getMarker("child");
Marker parent = MarkerManager.getMarker("parent");
child.addParents(parent);
parent.addParents(child);
String toInfinity = child.toString();
toString()
, which includes a recursive processing method, it triggers a stack overflow exception (stack exhaustion). This exception occurs due to the circular link between child and parent.String
object is unreliable and should not be done.String
object, it must first be changed into a String
object, typically via a function such as Double.toString()
. Depending on the type and value of the floating-point variable, when converted to a String
object, it could be "NaN", "Infinity", "-Infinity", have a certain amount of trailing decimal places containing zeroes, or may contain an exponent field. If converted to a hexadecimal String, the representation may differ greatly as well.String
.
...
int initialNum = 1;
...
String resultString = Double.valueOf(initialNum/10000.0).toString();
if (s.equals("0.0001")){
//do something
...
}
...
if
statement is impossible to satisfy. It requires that the variable s
be non-null, while on the only path where s
can be assigned a non-null value there is a return
statement.
String s = null;
if (b) {
s = "Yes";
return;
}
if (s != null) {
Dead();
}
msg.sender
but uses ==
instead of =
to do so, which has no effect.
function deposit(uint amount) public payable {
require(msg.value == amount, 'incorrect amount');
balance[msg.sender] == amount;
}