Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Dead Code

Abstract
This statement will never be executed.
Explanation
The surrounding code makes it impossible for this statement to ever be executed.

Example 1: The condition for the second if statement is impossible to satisfy. It requires that the variable s be non-null, while on the only path where s can be assigned a non-null value there is a return statement.


String s = null;

if (b) {
   s = "Yes";
   return;
}

if (s != null) {
   Dead();
}
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 561
[2] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 2.1
[3] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 2.1
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 0-1-1, Rule 0-1-2
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023 Rule 0.0.1, Rule 0.0.2
[6] Standards Mapping - OWASP Application Security Verification Standard 4.0 5.1.1 Input Validation Requirements (L1 L2 L3), 8.1.3 General Data Protection (L2 L3)
[7] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
[14] Standards Mapping - Smart Contract Weakness Classification SWC-135
desc.internal.cpp.dead_code
Abstract
A function defines code with no effect.
Explanation
In Solidity, developers can write code that has no effect, which can lead to unexpected behavior or code that does not perform the intended action.

Example 1: The following code tries to update the balance of msg.sender but uses == instead of = to do so, which has no effect.


function deposit(uint amount) public payable {
    require(msg.value == amount, 'incorrect amount');
    balance[msg.sender] == amount;
}
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 561
[2] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 2.1
[3] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 2.1
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 0-1-1, Rule 0-1-2
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023 Rule 0.0.1, Rule 0.0.2
[6] Standards Mapping - OWASP Application Security Verification Standard 4.0 5.1.1 Input Validation Requirements (L1 L2 L3), 8.1.3 General Data Protection (L2 L3)
[7] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
[14] Standards Mapping - Smart Contract Weakness Classification SWC-135
desc.structural.solidity.swc135