eth-sri / securify

[DEPRECATED] Security Scanner for Ethereum Smart Contracts
Apache License 2.0

Unrestricted but private setter used only in restricted function considered "unrestricted write" #8

Closed hiqua closed 2 years ago

hiqua commented 6 years ago
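
```solidity
pragma solidity ^0.4.23;
contract A {
  uint a;
  address owner = 0x134;
  modifier onlyOwner{
    require(msg.sender == owner);
    _;
  }
  // No visibility specifier, so public by default in 0.4.x; guarded by onlyOwner.
  function d(uint _a) onlyOwner{
    set(_a);
  }
  // Private setter without a modifier; only reachable through d().
  function set(uint  _a) private{
    a = _a;
  }
}
```
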
hiqua commented 6 years ago

Still relevant.

hiqua commented 6 years ago

It seems Securify considers that any JUMPDEST indicates a public function, although we should check whether there has been some comparison to some signature before that.
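
The check suggested in the last comment, sketched as an added example (not Securify's code and not part of the original thread): it separates JUMPDESTs reached through a selector comparison from those that are only internal jump targets. The bytecode is hand-constructed for illustration, and the `PUSH4 sel; EQ; PUSH2 dest; JUMPI` dispatcher shape is an assumption about typical solc output.

```python
# Constructed sample (not compiled from the contract in the issue): a minimal
# dispatcher, one externally callable body, and one internal setter.
CODE = bytes.fromhex(
    "60003560e01c80"      # load calldata, shift to the 4-byte selector, DUP1
    "635baabbcc14"        # PUSH4 0x5baabbcc; EQ  (the 0x5b here is push data)
    "61001557"            # PUSH2 0x0015; JUMPI -> dispatched entry
    "600080fd"            # no selector matched: revert
    "5b61001d61001f56"    # 0x15: entry body, internal call to 0x1f
    "5b00"                # 0x1d: return point, STOP
    "5b602a60005556"      # 0x1f: internal setter: SSTORE, jump back
)

PUSH1, PUSH2, PUSH4, PUSH32 = 0x60, 0x61, 0x63, 0x7F
EQ, JUMPI, JUMPDEST = 0x14, 0x57, 0x5B

def disassemble(code):
    """Return [(offset, opcode, immediate)] while skipping PUSH data."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        n = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        out.append((pc, op, code[pc + 1:pc + 1 + n]))
        pc += 1 + n
    return out

def jumpdests(code):
    """Offsets of real JUMPDEST instructions (0x5b inside PUSH data is ignored)."""
    return [pc for pc, op, _ in disassemble(code) if op == JUMPDEST]

def dispatched_entries(code):
    """Map selector -> entry for PUSH4 sel; EQ; PUSH2 dest; JUMPI sequences."""
    ins, valid, found = disassemble(code), set(jumpdests(code)), {}
    for a, b, c, d in zip(ins, ins[1:], ins[2:], ins[3:]):
        if (a[1], b[1], c[1], d[1]) == (PUSH4, EQ, PUSH2, JUMPI):
            dest = int.from_bytes(c[2], "big")
            if dest in valid:  # ignore targets that are not real JUMPDESTs
                found[a[2].hex()] = dest
    return found

def internal_only(code):
    """JUMPDESTs that no selector comparison leads to."""
    return sorted(set(jumpdests(code)) - set(dispatched_entries(code).values()))

if __name__ == "__main__":
    print("all JUMPDESTs:     ", jumpdests(CODE))
    print("dispatched entries:", dispatched_entries(CODE))
    print("internal only:     ", internal_only(CODE))
```

On this sample only offset 0x15 is an external entry point; the setter at 0x1f and the return point at 0x1d are JUMPDESTs that a caller cannot select directly.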