Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Code Correctness: Failing Assertion

Solidity

Abstract

A function uses the assert Solidity function to check on a false statement.

Explanation

The assert Solidity function is intended to only check on statements that evaluate to true. Having a false statement passed into this function points at the code not functioning correctly or the function being misused, for instance, to validate input.

Example 1: The following code uses the assert function to check on a false statement.


contract A {
    B b = new B(7);

    function checkWithAssert(){
        assert(b.retValue() == 21);
        ...
    }

}

contract B {
    uint _par;
    constructor(uint par){
        _par = par;
    }

    function retValue() returns(uint){
        return _par;
    }
}

References

[1] Enterprise Ethereum Alliance No failing assert statements

[2] Standards Mapping - Common Weakness Enumeration CWE ID 670

[3] Standards Mapping - Smart Contract Weakness Classification SWC-110

desc.structural.solidity.swc110