Smart Contract / Shadowing State Variables
Description
Shadowing State Variables is a vulnerability in smart contracts written in Solidity, listed in the Smart Contract Weakness Classification (SWC). It is classified as CWE-827, which is a type of Improper Control of a Resource Through its Lifetime. It occurs when a developer re-declares a state variable with the same name as a previously declared state variable. The new declaration hides the earlier one, which can lead to confusion and unintended behavior in the code. This vulnerability can be found in the OWASP Testing Guide.
Risk
The risk associated with Shadowing State Variables is high. When a state variable is re-declared, the previous state variable can be hidden and unintended behavior can occur. This can cause a breach in security and can result in financial losses and damage to the reputation of the company.
Solution
The solution to this vulnerability is to ensure that all state variables have unique names. This prevents one state variable from being hidden by another and ensures that the code behaves as intended.
Example
The following code is an example of the Shadowing State Variables vulnerability. It shows how a state variable can be re-declared with the same name as a previously declared state variable.
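    contract Example {
        // State variable, stored in contract storage.
        uint256 public var1;

        // Fallback function (pre-0.6.0 syntax).
        function () public {
            // Local declaration with the same name: it shadows the state
            // variable, so uses of var1 in this scope never touch storage.
            uint256 var1;
        }
    }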
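The same weakness across inheritance, next to the fix from the Solution section. This is an added example, not code from the original page, and it goes beyond the page's example by covering a derived contract that re-declares a base contract's state variable. All contract, function and variable names are hypothetical, and it assumes a compiler older than 0.6.0, since from Solidity 0.6.0 the compiler rejects the shadowing declaration.

```solidity
pragma solidity >=0.4.22 <0.6.0;

// --- Vulnerable: the derived contract re-declares the base state variable ---
contract Sale {
    uint256 cap = 100 ether;
    uint256 public raised;

    function contribute() public payable {
        // Name resolution happens in Sale's scope, so this is always Sale.cap.
        require(raised + msg.value <= cap, "cap exceeded");
        raised += msg.value;
    }
}

contract PrivateSale is Sale {
    uint256 cap = 10 ether; // second variable in its own storage slot; hides Sale.cap here

    // Reads PrivateSale.cap (10 ether), while the inherited contribute()
    // keeps accepting funds up to Sale.cap (100 ether).
    function capReached() public view returns (bool) {
        return raised >= cap;
    }
}

// --- Fixed: a single declaration; the derived contract assigns to it ---
contract SaleFixed {
    uint256 cap = 100 ether;
    uint256 public raised;

    function contribute() public payable {
        require(raised + msg.value <= cap, "cap exceeded");
        raised += msg.value;
    }
}

contract PrivateSaleFixed is SaleFixed {
    constructor() public {
        cap = 10 ether; // writes the inherited variable, no new declaration
    }

    // Both contribute() and capReached() now read the same storage slot.
    function capReached() public view returns (bool) {
        return raised >= cap;
    }
}
```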