Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Uninitialized Variable

Abstract
The program can potentially use a variable before it has been initialized.
Explanation
In .Net, static variables are initialized to its default values, however usage of those variables without initializing may lead to business logic based issues or may be used to execute a Denial of Service (DoS) attack. Programs should never use the default value of a variable.

It is not uncommon for programmers to use an uninitialized variable in code that handles errors or other rare and exceptional circumstances. Uninitialized variable warnings can sometimes indicate the presence of a typographic error in the code.

Example 1: The following code will get compiled by the .Net compiler without any error. However, the following statement int a = (Int32)i + (Int32)j; throws an unhandled exception and crashes the application at runtime.

class Program
{
static int? i = j;
static int? j;
static void Main(string[] args)
{
j = 100;
int a = (Int32)i + (Int32)j;

Console.WriteLine(i);
Console.WriteLine(j);
Console.WriteLine(a);
}
}


Most uninitialized variable issues result in general software reliability problems, but if attackers can intentionally trigger the use of an uninitialized variable, they might be able to launch a denial of service attack by crashing the program.
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 457, CWE ID 824
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[3] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 9.1
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 9.1
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 8-5-1
[6] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[7] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[8] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[10] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 665
[11] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[33] Standards Mapping - Smart Contract Weakness Classification SWC-109
[34] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[35] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.structural.dotnet.uninitialized_variable
Abstract
The program might use a variable before it has been initialized.
Explanation
Stack variables in C and C++ are not initialized by default. Their initial values are determined by whatever happens to be in their location on the stack at the time the function is invoked. Programs should never use the value of an uninitialized variable.

It is not uncommon for programmers to use an uninitialized variable in code that handles errors or other rare and exceptional circumstances. Uninitialized variable warnings can sometimes indicate the presence of a typographic error in the code.

Example 1: The following switch statement is intended to set values for the variables aN and bN, but in the default case, the programmer accidentally set the value of aN twice.


switch (ctl) {
case -1:
aN = 0; bN = 0;
break;
case 0:
aN = i; bN = -i;
break;
case 1:
aN = i + NEXT_SZ; bN = i - NEXT_SZ;
break;
default:
aN = -1; aN = -1;
break;
}



Most uninitialized variables result in general software reliability issues, but if attackers can intentionally trigger the use of an uninitialized variable, they might be able to launch a denial of service attack by crashing the program. Under the right circumstances, an attacker might be able to control the value of an uninitialized variable by affecting the values on the stack prior to the function invocation.
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 457, CWE ID 824
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[3] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 9.1
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 9.1
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 8-5-1
[6] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[7] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[8] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[10] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 665
[11] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[33] Standards Mapping - Smart Contract Weakness Classification SWC-109
[34] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[35] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.cpp.uninitialized_variable
Abstract
A local storage variable is not initialized.
Explanation
Leaving local storage variables uninitialized can leave them pointing to unexpected storage locations, leading to unintended behavior and sometimes vulnerabilities.

Example 1: The following code declares the variable game without initializing it.


struct Game {
address player;
}

function play(uint256 number) payable public {

Game game;
game.player = msg.sender;

}
References
[1] Enterprise Ethereum Alliance Explicit Storage
[2] Standards Mapping - Common Weakness Enumeration CWE ID 457, CWE ID 824
[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[4] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 9.1
[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 9.1
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 8-5-1
[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[9] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[11] Standards Mapping - SANS Top 25 2009 Risky Resource Management - CWE ID 665
[12] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[34] Standards Mapping - Smart Contract Weakness Classification SWC-109
[35] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[36] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.structural.solidity.swc109