Last updated: December 19, 2024

SCWE-012: Improper Function Definitions

Content in BETA

This content is in beta and still under active development, so it is subject to change at any time (structure, IDs, content, URLs, etc.).

Relationships

Description

Improper function definitions refer to situations where functions in smart contracts are defined with incorrect or inconsistent logic, parameter types, or return types. This can lead to unexpected behaviors and vulnerabilities in the contract. Common issues include:

  • Inconsistent parameter types: Functions that take or return parameters of unexpected or incorrect types.
  • Misleading function names: Functions with names that do not match their actual behavior.
  • Incorrect visibility: Functions that are defined with the wrong visibility, either exposing sensitive logic or causing issues with access control.

Remediation

  • Ensure consistency with function signatures: Validate that parameters, return types, and function names are correct and consistent with the intended contract logic.
  • Review function visibility: Double-check that functions are properly marked as public, private, internal, or external based on the intended access levels.
  • Follow coding standards: Adhere to established coding standards for smart contracts to ensure clarity and avoid issues with maintenance or security.
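
A heuristic check for two of the issues above (a function with no explicit visibility, and a function that returns a value without declaring a return type), given as an added example that is not part of the original page. The regex-based parsing, the `lint` helper and the constructed `Demo` contract with its `getBalanceOk` and `resetBalance` functions are assumptions made for illustration; this is not a full Solidity parser.

```python
import re

# Heuristic: matches "function name(params) <modifiers> {" headers only.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")
VISIBILITY = {"public", "private", "internal", "external"}

def strip_comments(src):
    """Remove // and /* */ comments so commented-out code is not linted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def function_body(src, open_brace):
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_brace + 1:i]
    return src[open_brace + 1:]

def lint(src):
    """Return sorted (function, finding) pairs for improper definitions."""
    src = strip_comments(src)
    findings = []
    for m in FUNC_RE.finditer(src):
        name, header = m.group(1), m.group(3)
        body = function_body(src, m.end() - 1)
        if not VISIBILITY & set(re.findall(r"\w+", header)):
            findings.append((name, "no explicit visibility"))  # public by default before 0.5.0
        returns_value = re.search(r"\breturn\s+[^;\s]", body)
        if returns_value and not re.search(r"\breturns\s*\(", header):
            findings.append((name, "returns a value but declares no return type"))
    return sorted(findings)

# Constructed sample input: two getBalance variants plus a hypothetical helper.
SAMPLE = """
contract Demo {
    uint public balance;
    function getBalance() { return balance; }
    function getBalanceOk() public view returns (uint) { return balance; }
    function resetBalance() { balance = 0; }
}
"""

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in lint(SAMPLE)))
```
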

Samples

Improper Function Definition

pragma solidity ^0.4.0;

contract ImproperFunction {
    uint public balance;

    // Function is defined without specifying return type
    function getBalance() {
        return balance;  // Missing return type (should be 'uint')
    }
}

Correct Function Definition

pragma solidity ^0.4.16;  // 'view' requires compiler 0.4.16 or later

contract CorrectFunction {
    uint public balance;

    // Function correctly defined with return type 'uint'
    function getBalance() public view returns (uint) {
        return balance;
    }
}