Function Default Visibility | Improper Adherence to Coding Standards | SWC-100 | [-1-] |
Integer Overflow and Underflow | Incorrect Calculation | SWC-101 | [-1-]; BeautyChain (BEC) [-1-] [-2-] |
Outdated Compiler Version | Using Components with Known Vulnerabilities | SWC-102 | |
Floating Pragma | Improper Control of a Resource Through its Lifetime | SWC-103 | |
Unchecked Call Return Value | Unchecked Return Value | SWC-104 | [-1-]; King of the Ether Throne (KotET) [-2-] |
Unprotected Ether Withdrawal | Improper Access Control | SWC-105 | [-1-]; Rubixi [-2-] [-3-] |
Unprotected SELFDESTRUCT Instruction | Improper Access Control | SWC-106 | [-1-] [-2-]; Parity Multi-Sig Wallets [-3-] [-4-] |
Reentrancy | Improper Enforcement of Behavioral Workflow | SWC-107 | [-1-]; The DAO [-2-] [-3-] [-4-]; Fei Protocol [-5-] [-6-] [-7-] |
State Variable Default Visibility | Improper Adherence to Coding Standards | SWC-108 | [-1-] |
Uninitialized Storage Pointer | Access of Uninitialized Pointer | SWC-109 | [-1-]; Real-World Examples (Honey Pots): OpenAddressLottery [-2-] [-3-] CryptoRoulette [-4-] [-5-] |
Assert Violation | Always-Incorrect Control Flow Implementation | SWC-110 | [-1-]; [-2-] [-3-] |
Use of Deprecated Solidity Functions | Use of Obsolete Function | SWC-111 | |
Delegatecall to Untrusted Callee | Inclusion of Functionality from Untrusted Control Sphere | SWC-112 | [-1-]; [-2-] [-3-] |
DoS with Failed Call | Improper Check or Handling of Exceptional Conditions | SWC-113 | [-1-]; [-2-] [-3-] [-4-] [-5-] |
Transaction Order Dependence | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | SWC-114 | [-1-]; [-2-] [-3-] [-4-] |
Authorization through tx.origin | Use of Obsolete Function | SWC-115 | [-1-]; [-2-] [-3-] [-4-] |
Block values as a proxy for time | Inclusion of Functionality from Untrusted Control Sphere | SWC-116 | [-1-]; [-2-] [-3-] [-4-] |
Signature Malleability | Improper Verification of Cryptographic Signature | SWC-117 | [-1-]; [-2-] [-3-] |
Incorrect Constructor Name | Improper Initialization | SWC-118 | [-1-]; [-2-] |
Shadowing State Variables | Improper Adherence to Coding Standards | SWC-119 | |
Weak Sources of Randomness from Chain Attributes | Use of Insufficiently Random Values | SWC-120 | [-1-]; [-2-] |
Missing Protection against Signature Replay Attacks | Improper Verification of Cryptographic Signature | SWC-121 | |
Lack of Proper Signature Verification | Insufficient Verification of Data Authenticity | SWC-122 | |
Requirement Violation | Improper Following of Specification by Caller | SWC-123 | |
Write to Arbitrary Storage Location | Write-what-where Condition | SWC-124 | |
Incorrect Inheritance Order | Incorrect Behavior Order | SWC-125 | [-1-]; [-2-] [-3-] [-4-] |
Insufficient Gas Griefing | Insufficient Control Flow Management | SWC-126 | [-1-]; [-2-] [-3-] |
Arbitrary Jump with Function Type Variable | Use of Low-Level Functionality | SWC-127 | [-1-]; [-2-] [-3-] |
DoS With Block Gas Limit | Uncontrolled Resource Consumption | SWC-128 | [-1-]; [-2-] [-3-] [-4-] [-5-] |
Typographical Error | Use of Incorrect Operator | SWC-129 | [-1-]; [-2-] [-3-] |
Right-To-Left-Override control character (U+202E) | User Interface (UI) Misrepresentation of Critical Information | SWC-130 | |
Presence of unused variables | Irrelevant Code | SWC-131 | |
Unexpected Ether balance | Improper Locking | SWC-132 | [-1-]; [-2-] [-3-] [-4-] [-5-] [-6-] |
Hash Collisions With Multiple Variable Length Arguments | Authentication Bypass by Capture-replay | SWC-133 | [-1-]; [-2-] |
Message call with hardcoded gas amount | Improper Initialization | SWC-134 | [-1-]; [-2-] [-3-] |
Code With No Effects | Irrelevant Code | SWC-135 | [-1-]; [-2-] |
Unencrypted Private Data On-Chain | Access to Critical Private Variable via Public Method | SWC-136 | [-1-]; [-2-] [-3-] [-4-] |