界: Code Quality
程式碼品質不佳,會導致無法預料的行為。從使用者的角度來看,這通常表現為可用性不佳。對於攻擊者而言,這提供了以意想不到的方式向系統施加壓力的機會。
Poor Style: Variable Never Used
Abstract
此變數從未被使用過。
Explanation
此變數從未被使用過。可能這只是一個無用的程式碼,但是這也可能指出了一個錯誤。
範例:在以下程式碼中,一個複製貼上錯誤導致相同的迴圈迭代器 (
範例:在以下程式碼中,一個複製貼上錯誤導致相同的迴圈迭代器 (
i) 被使用了兩次。變數 j 從未使用過。
int i,j;
for (i=0; i < outer; i++) {
for (i=0; i < inner; i++) {
...
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 0-1-3
[7] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
[14] Standards Mapping - Smart Contract Weakness Classification SWC-131
desc.structural.cpp.poor_style_variable_never_used
Abstract
合約定義了一個變數,但從不使用。
Explanation
Solidity 允許宣告變數、但從不使用,儘管大多數的時候,這並不直接指向安全性弱點,但這是不好的做法。由於所需的運算週期會增加,這可能會導致雜訊和不必要的燃料消耗。
範例 1:以下程式碼宣告類型為
範例 1:以下程式碼宣告類型為
A 的變數 var1,但從不使用。
contract Base {
struct A { uint a; }
}
contract DerivedA is Base {
A var1 = A(1);
int internal j = 500;
function call(int a) public {
assign1(a);
}
function assign3(A memory x) public returns (uint) {
return g[1] + x.a + uint(j);
}
}
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 0-1-3
[7] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
[14] Standards Mapping - Smart Contract Weakness Classification SWC-131
desc.structural.solidity.swc131