Last updated: March 11, 2025

SCWE-021: Unsecured Data Transmission

Stable Version v0.0.1

This content is in the version-(v0.0.1) and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Relationships

• CWE-319: Cleartext Transmission of Sensitive Information
  CWE-319 Link

Description

Unsecured data transmission refers to the transmission of sensitive information, such as private keys or user data, without encryption. This can lead to: - Interception of sensitive data by malicious actors. - Exploitation of vulnerabilities in the contract. - Loss of funds or data.

Remediation

• Use encryption: Encrypt sensitive data before transmission.
• Leverage secure protocols: Use HTTPS or other secure communication protocols.
• Avoid transmitting sensitive data: Minimize the transmission of sensitive data whenever possible.

Examples

• Unsecured Data Transmission

  pragma solidity ^0.8.0;
  
  contract UnsecuredData {
      function transmitData(bytes memory data) public {
          // Transmit data without encryption
      }
  }
  

• Secured Data Transmission

  pragma solidity ^0.8.0;
  
  contract SecuredData {
      function transmitData(bytes memory encryptedData) public {
          // Transmit encrypted data
      }
  }
  

---