Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Solidity Bad Practices: Missing Constructor

Abstract
The contract does not declare a constructor.
Explanation
When using Solidity compiler versions prior to 0.5.0, developers can define a constructor by creating a function with the same name as the containing contract. Constructors are generally reserved for sensitive functionality and are meant to run only once, at contract creation. If a typo causes the function name to differ from the contract name, the compiler treats it as an ordinary function, so the sensitive functionality intended for the constructor is exposed and can be called after deployment.

Example 1: The following code uses a Solidity compiler version earlier than 0.5.0 and tries to declare a constructor with a name that does not exactly match the contract name. In this example, the case of the contract name and the constructor name do not match (Missing vs missing).


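pragma solidity 0.4.20;

contract Missing {
    address private owner;

    // Intended as the constructor, but the name differs in case from the
    // contract name "Missing", so it compiles as an ordinary public function.
    function missing() public {
        owner = msg.sender;
    }
}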
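
One way to check pre-0.5.0 sources for this issue, as an added example that is not part of the original page or of any tool it describes: a heuristic Python scan that reports contracts with no constructor and names the function that looks like a mistyped one. The function names, the 0.8 similarity cutoff, and the `Named` and `Empty` sample contracts are assumptions made for illustration; the regex and brace matching are not a real Solidity parser.

```python
import difflib
import re

# Constructed sample: the page's Example 1 plus two contracts added for contrast.
SAMPLE = """
pragma solidity 0.4.20;
contract Missing {
    address private owner;
    function missing() public { owner = msg.sender; }
}
contract Named {
    address private owner;
    function Named() public { owner = msg.sender; }
}
contract Empty {
    uint256 public total;
    function add(uint256 n) public { total += n; }
}
"""

CONTRACT_RE = re.compile(r"\bcontract\s+(\w+)[^{;]*\{")
FUNCTION_RE = re.compile(r"\bfunction\s+(\w+)\s*\(")
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def contract_bodies(source):
    """Yield (name, body) per contract using brace matching (heuristic)."""
    source = COMMENT_RE.sub("", source)
    for m in CONTRACT_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), source[m.end():i - 1]

def audit_constructors(source):
    """Return (contract, finding, function) for contracts lacking a constructor."""
    findings = []
    for name, body in contract_bodies(source):
        funcs = FUNCTION_RE.findall(body)
        # Accept a legacy same-name constructor or the `constructor` keyword (0.4.22+).
        if name in funcs or re.search(r"\bconstructor\s*\(", body):
            continue
        # A function whose name nearly matches the contract is a likely typo.
        lowered = {f.lower(): f for f in funcs}
        close = difflib.get_close_matches(name.lower(), list(lowered), n=1, cutoff=0.8)
        if close:
            findings.append((name, "near-miss constructor", lowered[close[0]]))
        else:
            findings.append((name, "no constructor", None))
    return findings

if __name__ == "__main__":
    for finding in audit_constructors(SAMPLE):
        print(finding)
```
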
References
[1] Enterprise Ethereum Alliance Declare Explicit Constructors
[2] Standards Mapping - Common Weakness Enumeration CWE ID 665
[3] Standards Mapping - Smart Contract Weakness Classification SWC-118