Smart Contract / Function Default Visibility
Description
Function Default Visibility is a smart contract vulnerability listed in SWC (Software Composition Analysis) and related to CWE-837: Improper Enforcement of a Single, Unique Action. It occurs when a function is declared without an explicit visibility specifier and therefore defaults to public, allowing anyone to call it and execute its code without any authorization. According to the OWASP Testing Guide, this can happen when developers forget to set the visibility of a function to private by default, or when other developers later override the visibility of the function to public.
Risk
Function Default Visibility can lead to serious security risks: an unintentionally public function can let attackers read sensitive information, steal funds, or perform privileged actions that were only meant to be reachable from inside the contract. The risk associated with this vulnerability is high because any account on the network can trigger the exposed function.
Solution
The solution to the Function Default Visibility vulnerability is to declare the visibility of every function explicitly, setting it to private by default and opening it up only where external callers genuinely need it, and to ensure that only authorized users can call the functions that remain public. This can be done by implementing a robust authentication system that requires callers to present a valid identity (in a contract, typically a check on the calling account) before the function executes.
Example
    // Solidity 0.4.x: a function with no visibility specifier compiles
    // (with a warning) and is treated as public.
    pragma solidity ^0.4.24;

    contract MyContract {
        // Visibility is public by default, so any external account can call this
        function myFunction() {
            // Do something
        }
    }
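The hardened form of the contract above, written as an added example (not code from the original page) for a Solidity version that requires explicit visibility. The state variable, the onlyOwner modifier and the withdraw flow are constructed for illustration: the internal helper is unreachable from outside the contract, and the only public entry point checks the calling account before doing anything.

```solidity
// SPDX-License-Identifier: MIT
// Added example: explicit visibility on every function plus an owner check.
// Since Solidity 0.5.0 the compiler rejects a function without a visibility
// specifier, so the "public by default" case from the original example
// cannot be compiled here.
pragma solidity ^0.8.0;

contract MyContractFixed {
    address public owner;

    event Withdrawn(address indexed to, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    // Authorization: only the deploying account may call functions
    // carrying this modifier. (Constructed check for the example.)
    modifier onlyOwner() {
        require(msg.sender == owner, "not authorized");
        _;
    }

    // Accept deposits from anyone; explicitly external.
    receive() external payable {}

    // Sensitive logic is marked internal: it can be reached only through
    // this contract's own functions, never directly by an external call.
    function _payout(address payable to, uint256 amount) internal {
        require(address(this).balance >= amount, "insufficient balance");
        to.transfer(amount);
        emit Withdrawn(to, amount);
    }

    // The only way to trigger the payout: explicitly external and gated.
    function withdraw(uint256 amount) external onlyOwner {
        _payout(payable(owner), amount);
    }

    // Harmless read-only query, explicitly external and view.
    function contractBalance() external view returns (uint256) {
        return address(this).balance;
    }
}
```

With this layout, a review for the weakness reduces to two checks: compile with a 0.5.0 or later compiler (which refuses any function lacking a visibility keyword), and confirm that every function that is still `public` or `external` either performs no privileged action or is guarded by an access check such as `onlyOwner`.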