Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Solidity Bad Practices: Default Function Visibility
Abstract
A function does not specify an explicit access modifier.
Explanation
When developing a Solidity smart contract, developers can set the visibility (access modifier) of a function to control who can invoke it: public and external functions can be called by any account or contract, internal functions only from within the contract and contracts derived from it, and private functions only from within the contract itself. In compilers before Solidity 0.5.0, a function without an explicit visibility defaults to public, so a helper the developer intended as internal becomes a public entry point that any caller can invoke directly, bypassing whatever authorization checks the intended entry point performs. Solidity 0.5.0 and later refuse to compile a function with no visibility specified, but code written for older compilers still carries this risk.
Example 1: The following code fails to set the visibility of either function, so both default to public and anyone can invoke them. A caller can invoke _sendWinnings() directly and bypass the require check in withdrawWinnings().
pragma solidity ^0.4.24;

contract HashForEther {
    // No visibility specified: defaults to public in solc < 0.5.0.
    function withdrawWinnings() {
        // Winner if the last 8 hex characters of the address are 0.
        require(uint32(msg.sender) == 0);
        _sendWinnings();
    }
    // Intended as an internal helper, but callable by anyone.
    function _sendWinnings() {
        msg.sender.transfer(this.balance);
    }
}
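The hardened form of the contract above, as an added example that is not part of the original page or the SWC registry sample. The contract name HashForEtherFixed and the receive() deposit function are assumptions made for illustration. Every function now carries an explicit visibility; the entry point is external, and the helper that moves funds is internal, so it is not part of the contract's ABI and the only path to it runs through the require check. It targets Solidity 0.8, where address-to-integer narrowing must go through uint160 and msg.sender must be cast to address payable before transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hardened version of the vulnerable example: explicit visibility on
// every function, and the fund-moving helper is internal.
contract HashForEtherFixed {
    // Accept deposits so the contract has a balance to pay out.
    receive() external payable {}

    // External: callable from outside the contract. This is the only
    // externally reachable entry point, so the check cannot be bypassed.
    function withdrawWinnings() external {
        // Winner if the low 32 bits of the caller's address are zero.
        // address -> uint160 -> uint32 is the explicit narrowing
        // conversion required by solc >= 0.5.0.
        require(uint32(uint160(msg.sender)) == 0, "not a winner");
        _sendWinnings();
    }

    // Internal: absent from the ABI, so no external account or contract
    // can call it directly. Only withdrawWinnings() reaches it.
    function _sendWinnings() internal {
        payable(msg.sender).transfer(address(this).balance);
    }
}
```

Two checks catch the original defect without reading the code by hand: compiling with solc 0.5.0 or later rejects any function with no visibility specified, and the solhint rule func-visibility reports the same condition for projects that still pin an older compiler. Note that public and external are equivalent for this weakness: both expose the function to every caller, so an "internal" helper must be declared internal or private, not merely given a leading underscore.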
References
[1] Enterprise Ethereum Alliance Code Linting
[2] Standards Mapping - Common Weakness Enumeration CWE ID 710
[3] Standards Mapping - Smart Contract Weakness Classification SWC-100
desc.structural.solidity.swc100