Return

Smart Contract Vulnerability Coverage

Assertions and Property Checking

DETECTOR

ANALYSIS TYPE

SWC-ID

Solidity assert violation

Symbolic analysis, fuzzing (bytecode)

SWC-110

MythX assertion violation (AssertionFailed event)

Symbolic analysis, fuzzing (bytecode)

SWC-110

Byte-code Safety

DETECTOR

ANALYSIS TYPE

SWC-ID

Integer overflow in arithmetic operation

Symbolic analysis, fuzzing (bytecode)

SWC-101

Integer underflow in arithmetic operation

Symbolic analysis, fuzzing (bytecode)

SWC-101

Caller can redirect execution to arbitrary locations

Symbolic analysis, fuzzing (bytecode)

SWC-127

Caller can write to arbitrary storage locations

Symbolic analysis, fuzzing (bytecode)

SWC-124

Dangerous use of uninitialized storage variables

Solidity code analysis

SWC-109

Authorization Controls

DETECTOR

ANALYSIS TYPE

SWC-ID

Any sender can withdraw ETH from the contract account

Symbolic analysis, fuzzing (bytecode)

SWC-105

Any sender can trigger SELFDESTRUCT

Symbolic analysis, fuzzing (bytecode)

SWC-106

Use of "tx.origin" as a part of authorization control

Solidity code analysis

SWC-115

Control Flow

DETECTOR

ANALYSIS TYPE

SWC-ID

Delegatecall to a user-supplied address

Symbolic analysis (bytecode)

SWC-112

Call to a user-supplied address

Symbolic analysis (bytecode)

SWC-107

Unchecked return value from external call

Solidity code analysis

SWC-104

Block timestamp influences a control flow decision

Taint analysis (bytecode)

SWC-116

Environment variables influence a control flow decisions

Taint analysis (bytecode)

SWC-120

Loop over unbounded data structure

Solidity code analysis

SWC-128

Implicit loop over unbounded data structure

Solidity code analysis

SWC-128

Usage of "continue" in "do-while"

Solidity code analysis

N/A

Multiple calls are executed in the same transaction

Static analysis (bytecode)

SWC-113

Persistent state read following external call

Static analysis, fuzzing (bytecode)

SWC-107

Persistent state write following external call

Static analysis, fuzzing (bytecode)

SWC-107

Account state accessed after call to user-defined address

Symbolic analysis (bytecode)

SWC-107

Return value of an external call is not checked

Static analysis (bytecode)

SWC-104

Potential weak source of randonmness

Solidity code analysis

SWC-120

Requirement violation

Fuzzing (bytecode)

SWC-123

Call with hardcoded gas amount

Solidity code analysis

SWC-134

ERC Standards

DETECTOR

ANALYSIS TYPE

SWC-ID

Incorrect ERC20 implementation

Solidity code analysis

N/A

Control Flow

DETECTOR

ANALYSIS TYPE

SWC-ID

Outdated compiler version

Solidity code analysis

SWC-102

No or floating compiler version set

Solidity code analysis

SWC-103

Use of right-to-left-override control character

Solidity code analysis

SWC-130

Shadowing of built-in symbol

Solidity code analysis

SWC-119

Incorrect constructor name

Solidity code analysis

SWC-118

State variable shadows another state variable

Solidity code analysis

SWC-119

Local variable shadows a state variable

Solidity code analysis

SWC-119

Function parameter shadows a state variable

Solidity code analysis

SWC-119

Named return value shadows a state variable

Solidity code analysis

SWC-119

Unary operation without effect

Solidity code analysis

SWC-129

Unary operation directly after assignment

Solidity code analysis

SWC-129

Unused state variable

Solidity code analysis

SWC-131

Unused local variable

Solidity code analysis

SWC-131

Function visibility is not set

Solidity code analysis

SWC-100

State variable visibility is not set

Solidity code analysis

SWC-108

Use of deprecated functions: callcode(), sha3(), ...

Solidity code analysis

SWC-111

Use of deprecated global variables (msg.gas, ...)

Solidity code analysis

SWC-111

Use of deprecated keywords (throw, var)

Solidity code analysis

SWC-111

Incorrect function state mutability

Solidity code analysis

N/A

Return
TALK TO US