Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Solidity Bad Practices: Ether Balance Check
Abstract
A function compares the contract balance to a specific Ether value.
Explanation
Assuming the contract has a specific Ether balance can lead to erroneous or unexpected behavior because the balance of a contract can be forcibly altered, for example by sending Ether to the contract.
Example 1: The following code uses an
Example 1: The following code uses an
assert to check that the balance of the Lock contract instance is a specific value (msg.value).
contract Lock {
constructor (address owner, uint256 unlockTime) public payable {
...
}
}
contract Lockdrop {
...
function lock(...) {
uint256 eth = msg.value;
address owner = msg.sender;
uint256 unlockTime = unlockTimeForTerm(term);
Lock lockAddr = (new Lock).value(eth)(owner, unlockTime);
assert(address(lockAddr).balance == msg.value);
}
}
References
[1] Enterprise Ethereum Alliance No Exact Balance Check
[2] Standards Mapping - Common Weakness Enumeration CWE ID 710
[3] Standards Mapping - Smart Contract Weakness Classification SWC-132
desc.structural.solidity.swc132