Last updated: March 11, 2025

SCWE-044: Insecure Use of Storage

Stable Version v0.0.1

This content is at version v0.0.1 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).

Relationships

Description

Insecure use of storage refers to vulnerabilities that arise when storage variables are improperly managed. This can lead to:

  • Unauthorized access to sensitive data.
  • Loss of funds or data.
  • Exploitation of vulnerabilities in contract logic.

Remediation

  • Encrypt sensitive data: Encrypt sensitive data before storing it.
  • Validate inputs: Ensure all storage updates are properly validated.
  • Test thoroughly: Conduct extensive testing to ensure storage is secure.

Examples

  • Insecure Storage Usage

    pragma solidity ^0.8.0;
    
    contract InsecureStorage {
        uint public balance;
    
        function updateBalance(uint newBalance) public {
            balance = newBalance; // No validation
        }
    }
    

  • Secure Storage Usage

    pragma solidity ^0.8.0;
    
    contract SecureStorage {
        uint public balance;
    
        function updateBalance(uint newBalance) public {
            require(newBalance > 0, "Invalid balance"); // Input validation
            balance = newBalance;
        }
    }
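
A fuller version of the validated update, as an added example that is not part of the SCWE page: it goes beyond the page's `newBalance > 0` check by also validating the caller and an upper bound, and by logging each accepted write. The contract name, `MAX_BALANCE`, the single-owner model and the `BalanceUpdated` event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the SCWE page. All names and limits are assumptions.
contract ValidatedStorage {
    // Assumed business limit; choose a bound that matches the real invariant.
    uint256 public constant MAX_BALANCE = 1_000_000 ether;

    // Assumed single writer, fixed at deployment.
    address public immutable owner;

    uint256 public balance;

    // Emitted on every accepted write so off-chain monitoring can audit changes.
    event BalanceUpdated(address indexed by, uint256 oldBalance, uint256 newBalance);

    constructor() {
        owner = msg.sender;
    }

    function updateBalance(uint256 newBalance) external {
        // Validate who is writing: a value check alone still lets any
        // account overwrite the variable.
        require(msg.sender == owner, "Not authorized");

        // Validate what is written: reject zero and values above the cap.
        require(newBalance > 0, "Invalid balance");
        require(newBalance <= MAX_BALANCE, "Balance exceeds cap");

        // Write only after every check has passed, then log the change.
        uint256 oldBalance = balance;
        balance = newBalance;
        emit BalanceUpdated(msg.sender, oldBalance, newBalance);
    }
}
```

The event gives monitoring a record of each write, so an unexpected change to `balance` shows up in the logs instead of only in the contract state.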