Last updated: March 11, 2025

SCWE-027: Vulnerable Cryptographic Algorithms

Stable Version v0.0.1

This content is at version v0.0.1 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs).


Relationships

  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    CWE-327 Link

Description

Vulnerable cryptographic algorithms refer to the use of outdated or insecure cryptographic algorithms, such as MD5 or SHA-1. This can lead to:

  • Exploitation of the contract’s logic.
  • Loss of funds or data.
  • Reduced trust in the contract’s security.

Remediation

  • Use secure algorithms: Leverage modern cryptographic algorithms like SHA-256 or Keccak-256.
  • Avoid deprecated algorithms: Do not use algorithms known to be insecure.
  • Test thoroughly: Conduct extensive testing to ensure cryptographic security.
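
One way to enforce "avoid deprecated algorithms" in review or CI, as an added example that is not code from this page or its project: a Python check that reports hash calls in Solidity source against the algorithms this page names. The sample contract and the `SHA1.sha1` library call are constructed for illustration.

```python
import re

# Policy taken from this page: MD5 and SHA-1 are named as insecure,
# SHA-256 and Keccak-256 as the recommended algorithms.
WEAK = {"md5": "MD5", "sha1": "SHA-1"}
APPROVED = {"sha256": "SHA-256", "keccak256": "Keccak-256"}

# String literals and comments are blanked first so text inside them is not
# mistaken for a call; newlines are kept so line numbers stay correct.
SKIP = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|//[^\n]*|/\*.*?\*/', re.S)
# A call, optionally qualified by a library name: keccak256(...), SHA1.sha1(...)
CALL = re.compile(r"\b((?:[A-Za-z_]\w*\s*\.\s*)*[A-Za-z_]\w*)\s*\(")

def blank(source):
    return SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)

def audit(source):
    """Return (line, call, verdict, algorithm) for each recognised hash call."""
    findings = []
    for lineno, line in enumerate(blank(source).splitlines(), 1):
        for m in CALL.finditer(line):
            parts = [p.strip().lower().replace("_", "") for p in m.group(1).split(".")]
            weak = next((WEAK[p] for p in parts if p in WEAK), None)
            if weak:
                findings.append((lineno, m.group(1), "weak", weak))
            elif parts[-1] in APPROVED:
                findings.append((lineno, m.group(1), "approved", APPROVED[parts[-1]]))
    return findings

# Constructed sample contract. SHA1.sha1 stands for a hypothetical imported
# library; Solidity 0.8 itself has no MD5 or SHA-1 built-in.
SAMPLE = '''pragma solidity ^0.8.0;
// md5(data) in a comment must not be reported
contract Sample {
    string note = "sha1(x) inside a string";
    function a(bytes memory d) public pure returns (bytes32) {
        return keccak256(d);
    }
    function b(bytes memory d) public pure returns (bytes20) {
        return SHA1.sha1(d); /* hypothetical library call */
    }
    function c(bytes memory d) public pure returns (bytes32) {
        return sha256(d);
    }
}
'''

if __name__ == "__main__":
    for lineno, call, verdict, algo in audit(SAMPLE):
        print(f"line {lineno}: {call} -> {algo} ({verdict})")
```

A build can fail on any finding whose verdict is `weak`; calls the check does not recognise are not reported and still need manual review.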

Examples

  • Vulnerable Algorithm

    pragma solidity ^0.8.0;
    
    contract VulnerableAlgorithm {
        function hashData(bytes memory data) public pure returns (bytes32) {
            return sha256(data); // Labelled insecure by this example, but Remediation above lists SHA-256 as secure
        }
    }
    

  • Secure Algorithm

    pragma solidity ^0.8.0;
    
    contract SecureAlgorithm {
        function hashData(bytes memory data) public pure returns (bytes32) {
            return keccak256(data); // Secure algorithm
        }
    }