From 1c924a9750c4e3028ab3d92feb36f74be27e4e36 Mon Sep 17 00:00:00 2001 From: chaals Date: Mon, 1 Jul 2024 18:37:51 +0200 Subject: [PATCH 1/3] Update SWC-119.md --- entries/docs/SWC-119.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/entries/docs/SWC-119.md b/entries/docs/SWC-119.md index abab978f..180540f5 100644 --- a/entries/docs/SWC-119.md +++ b/entries/docs/SWC-119.md @@ -1,4 +1,14 @@ -# Title +# Please note, this content is no longer actively maintained. + +The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions. + +For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the +[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an +[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available, +that represents the latest work of the group developing the specification. + +General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the +[Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).# Title Shadowing State Variables From 346fb5f6ae78a3d04c9930a4cc66d706cba04177 Mon Sep 17 00:00:00 2001 From: chaals Date: Mon, 1 Jul 2024 18:53:18 +0200 Subject: [PATCH 2/3] Update SWC-119.md EthTrust reference --- entries/docs/SWC-119.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/entries/docs/SWC-119.md b/entries/docs/SWC-119.md index 180540f5..d0129a47 100644 --- a/entries/docs/SWC-119.md +++ b/entries/docs/SWC-119.md 
@@ -31,6 +31,10 @@ Review storage variable layouts for your contract systems carefully and remove a - [Issue on Solidity's Github - Shadowing of inherited state variables should be an error (override keyword)](https://github.com/ethereum/solidity/issues/2563) - [Issue on Solidity's Github - Warn about shadowing state variables](https://github.com/ethereum/solidity/issues/973) +### EEA EthTrust Security Levels Specification + +- [**[Q] Implement as Documented**](https://entethalliance.org/specs/ethtrust-sl/#req-3-implement-as-documented) + ## Samples ### ShadowingInFunctions.sol From 4783faab1e5055e08e753d3507abc84729575e2c Mon Sep 17 00:00:00 2001 From: chaals Date: Mon, 1 Jul 2024 19:00:26 +0200 Subject: [PATCH 3/3] Update SWC-118.md disclaimer, links to modern stuff --- entries/docs/SWC-118.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/entries/docs/SWC-118.md b/entries/docs/SWC-118.md index dc3421f4..ba8e6142 100644 --- a/entries/docs/SWC-118.md +++ b/entries/docs/SWC-118.md @@ -1,3 +1,14 @@ +# Please note, this content is no longer actively maintained. + +The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions. + +For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the +[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an +[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available, that represents the latest work of the group developing the specification. + +General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the +[Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS). + # Title Incorrect Constructor Name 
@@ -19,6 +30,11 @@ Solidity version 0.4.22 introduces a new `constructor` keyword that make a const - [SigmaPrime - Constructors with Care](https://blog.sigmaprime.io/solidity-security.html#constructors) +### EEA EthTrust Security Levels Specification + +- [**[S] Use a Modern Compiler**](https://entethalliance.org/specs/ethtrust-sl/#req-1-compiler-060) +- [**[Q] Code Linting**](https://entethalliance.org/specs/ethtrust-sl/#req-3-linted) + ## Samples ### incorrect_constructor_name1.sol
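Review bot: In PATCH 1/3, hunk `@@ -1,4 +1,14 @@` of entries/docs/SWC-119.md, the last added line ends with `(https://github.com/ComposableSecurity/SCSVS).# Title`, so the original `# Title` heading that the hunk removes is re-added fused onto the end of the SCSVS sentence and will no longer render as a heading. End the disclaimer paragraph after the closing `.`, add a blank line, and restore `# Title` on its own line, as the SWC-118.md hunk in PATCH 3/3 does.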
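Review bot: In PATCH 2/3, hunk `@@ -31,6 +31,10 @@` of entries/docs/SWC-119.md, the new reference links to a fragment (`#req-3-implement-as-documented`) on the unversioned specification URL, and the disclaimer added in PATCH 1/3 says this page is no longer maintained, so nobody will repair the link if a later release of the specification renames or renumbers that requirement. Consider pointing at a specific released version of the specification. The commit message could also say in one line why a shadowing-state-variables entry maps to "Implement as Documented", since the relation is not obvious from the title alone.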
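Review bot: In PATCH 3/3, hunk `@@ -1,3 +1,14 @@` of entries/docs/SWC-118.md, the disclaimer is introduced with a top-level heading (`# Please note, this content is no longer actively maintained.`) placed above the existing `# Title`, which gives the entry two level-1 headings and makes the notice, not the entry, the first heading on the page. A blockquote or a bold paragraph would carry the warning without changing the heading structure. The same paragraph text is pasted into SWC-119.md in PATCH 1/3 with different line wrapping, so if the registry build supports a shared include, using it would keep the copies from drifting apart.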
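Review bot: In PATCH 3/3, hunk `@@ -19,6 +30,11 @@` of entries/docs/SWC-118.md, the fragment in `#req-1-compiler-060` does not correspond to its link text "[S] Use a Modern Compiler", and the two fragments carry different numeric prefixes than their [S]/[Q] labels would suggest (`req-1-` and `req-3-`). Please confirm that both fragments resolve to the intended requirements in the published specification before merging. The subject line "disclaimer, links to modern stuff" would also be clearer if it named the two requirements being linked.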