Smart Contract / Use of Deprecated Solidity Functions
Description
Use of Deprecated Solidity Functions is a vulnerability of category Smart Contract, and is classified as CWE-831: Inclusion of Functionality from Untrusted Control Sphere. This vulnerability occurs in SWC (Solidity Web Compiler) and has been identified by the Open Web Application Security Project (OWASP) Testing Guide. It occurs when developers use a deprecated Solidity function in their code, which may be vulnerable to known attacks. This vulnerability can lead to an attacker gaining access to sensitive data, tampering with contracts, or executing arbitrary code.
Risk
The risk of this vulnerability is high, as it can lead to an attacker gaining access to sensitive data, tampering with contracts, or executing arbitrary code. It is also difficult to detect, as the code will usually appear to be functioning correctly.
Solution
The solution to this vulnerability is to ensure that developers are aware of any deprecated Solidity functions and refrain from using them. Developers should also be encouraged to regularly review code and identify any vulnerabilities, as well as use code review tools that can detect this type of vulnerability.
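One way a code review tool can detect this, as an added example that is not part of the original page: a Python scanner that reports deprecated Solidity builtins with line numbers and replacements. The builtin list (deprecated in Solidity 0.4.x and removed in 0.5.0) and the sample contract are supplied for this example and are not taken from the page.

```python
import re

# (regex, deprecated form, replacement): deprecated in Solidity 0.4.x, removed in 0.5.0.
DEPRECATED = [
    (r"\bsuicide\s*\(", "suicide(address)", "selfdestruct(address)"),
    (r"\bblock\s*\.\s*blockhash\s*\(", "block.blockhash(uint)", "blockhash(uint)"),
    (r"\bsha3\s*\(", "sha3(...)", "keccak256(...)"),
    (r"\.\s*callcode\s*\(", "callcode(...)", "delegatecall(...)"),
    (r"\bthrow\s*;", "throw", "revert()"),
    (r"\bmsg\s*\.\s*gas\b", "msg.gas", "gasleft()"),
]
# Comments and string literals are blanked first so they cannot cause false hits.
_SKIP = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def _blank(match):
    # Preserve newlines so reported line numbers match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))

def scan(source):
    """Return (line, deprecated, replacement) for each deprecated builtin used."""
    findings = []
    for lineno, line in enumerate(_SKIP.sub(_blank, source).splitlines(), 1):
        for pattern, old, new in DEPRECATED:
            if re.search(pattern, line):
                findings.append((lineno, old, new))
    return findings

# Constructed sample contract (not from the page), written for Solidity 0.4.x.
SAMPLE = """\
pragma solidity ^0.4.24;
contract Legacy {
    address owner;
    // sha3("x") in a comment is not code
    function id(bytes data) public view returns (bytes32) {
        return sha3(data);
    }
    function guard() public {
        if (msg.sender != owner) throw;
        require(msg.gas > 2300);
    }
    function kill() public {
        suicide(owner);
    }
}
"""

if __name__ == "__main__":
    for lineno, old, new in scan(SAMPLE):
        print(f"line {lineno}: {old} is deprecated, use {new}")
```

A regex pass like this is a quick pre-commit or CI check; it does not replace the compiler's own deprecation warnings or a full static analyzer.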
Example
The following code snippet is an example of a vulnerable Solidity function from the CVE directory:
    contract Deprecated {
        // Entry point: returns the result of oldFunction().
        function foo() returns (uint) {
            return oldFunction();
        }

        // The deprecated function called by foo().
        function oldFunction() internal returns (uint) {
            return 1;
        }
    }
In the above example, oldFunction() is a deprecated Solidity function, which can be vulnerable to known attacks.