Smart Contract / Typographical Error
Description
Typographical Error (CWE-20) is a type of vulnerability in Smart Contracts that occurs when the code fails to validate user input correctly. It is usually introduced by typos made while coding, such as a dropped character or a misspelled keyword or identifier. According to the OWASP Testing Guide, this type of vulnerability is most common in Solidity (SWC) applications.
Risk
Typographical Error vulnerabilities can cause a variety of issues, ranging from minor data errors to system crashes. A malicious actor can also exploit this vulnerability to gain access to secure data or to modify contract functions. Because a deployed contract cannot be patched in place, the potential damage is often significant, so the issue should be addressed quickly.
Solution
The best way to prevent Typographical Error vulnerabilities is a thorough review process for all code changes: every change is tested and reviewed by multiple developers before it is deployed to the blockchain. Additionally, automated tooling (compiler warnings, linters, static analysers and a unit-test suite run in CI) should be used to catch typos before the code is pushed to the blockchain.
Example
The following example code shows a Typographical Error vulnerability in Solidity (SWC). In this example, the developer has mistyped the variable msg.sender as msg.sneder.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract ExampleContract {
    function exampleFunction() public {
        // Typo: `msg.sneder` instead of the built-in `msg.sender`. The Solidity compiler
        // rejects this ("Member "sneder" not found ... in msg"), so the contract cannot be
        // deployed as written; the check below is therefore never reached on-chain.
        if (msg.sneder == address(0x123456789)) {
            // Do something
        }
    }
}
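The corrected contract, as an added example that is not part of the original page: `msg.sender` is spelled correctly, the hard-coded address literal is replaced by an `owner` recorded at deployment, and a second contract (`ExampleContractCheck`) performs the kind of automated check recommended in the Solution section. The names `ExampleContractFixed`, `ExampleContractCheck`, `Stranger`, `counter` and the `Acted` event are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the page's own code): corrected version of ExampleContract.
contract ExampleContractFixed {
    address public immutable owner;
    uint256 public counter; // stands in for "Do something"

    event Acted(address indexed by);

    constructor() {
        owner = msg.sender; // correct spelling; `msg.sneder` would not compile
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function exampleFunction() public onlyOwner {
        counter += 1;
        emit Acted(msg.sender);
    }
}

// Helper used by the check below: a caller that is NOT the owner.
contract Stranger {
    // Returns true if the call reverted, i.e. access control held.
    function poke(ExampleContractFixed c) external returns (bool reverted) {
        try c.exampleFunction() {
            reverted = false;
        } catch {
            reverted = true;
        }
    }
}

// Self-contained check with no test framework assumed. In a real project this logic
// would live in a Foundry/Hardhat test and run in CI on every change, which is where
// a typo in an access-control comparison is caught before deployment.
contract ExampleContractCheck {
    function run() external returns (bool ok) {
        ExampleContractFixed c = new ExampleContractFixed();

        // This contract deployed `c`, so it is the owner and the call must succeed.
        c.exampleFunction();
        ok = (c.owner() == address(this)) && (c.counter() == 1);

        // A different caller must be rejected; the counter must not move.
        Stranger s = new Stranger();
        ok = ok && s.poke(c) && (c.counter() == 1);
    }
}
```

Deploying `ExampleContractCheck` and calling `run()` returns `true` only when both the positive case (owner may call) and the negative case (stranger is reverted) hold; a misspelled or wrongly compared sender would make one of those assertions fail, which is the behaviour a CI test suite should enforce.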