Please note, this content is no longer actively maintained.
The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.
For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the EEA EthTrust Security Levels specification. As well as the latest release version, an Editor's draft is available, that represents the latest work of the group developing the specification.
General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the Smart Contract Security Verification Standard (SCSVS).
Title
Incorrect Constructor Name
Relationships
- CWE-665: Improper Initialization
- EthTrust Security Levels
- [S] Use a Modern Compiler
- [Q] Code Linting
Description
Constructors are special functions that are called only once during the contract creation. They often perform critical, privileged actions such as setting the owner of the contract. Before Solidity version 0.4.22, the only way of defining a constructor was to create a function with the same name as the contract class containing it. A function meant to become a constructor becomes a normal, callable function if its name doesn't exactly match the contract name. This behavior sometimes leads to security issues, in particular when smart contract code is re-used with a different name but the name of the constructor function is not changed accordingly.
Remediation
Solidity version 0.4.22 introduces a new constructor
keyword that make a constructor definitions clearer. It is therefore recommended to upgrade the contract to a recent version of the Solidity compiler and change to the new constructor declaration.
References
Samples
incorrect_constructor_name1.sol
/*
* @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
* @author: Ben Perez
* Modified by Gerhard Wagner
*/
pragma solidity 0.4.24;
contract Missing{
address private owner;
modifier onlyowner {
require(msg.sender==owner);
_;
}
function missing()
public
{
owner = msg.sender;
}
function () payable {}
function withdraw()
public
onlyowner
{
owner.transfer(this.balance);
}
}
incorrect_constructor_name1_fixed.sol
/*
* @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
* @author: Ben Perez
* Modified by Gerhard Wagner
*/
pragma solidity ^0.4.24;
contract Missing{
address private owner;
modifier onlyowner {
require(msg.sender==owner);
_;
}
constructor()
public
{
owner = msg.sender;
}
function () payable {}
function withdraw()
public
onlyowner
{
owner.transfer(this.balance);
}
}
incorrect_constructor_name2.sol
/*
* @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
* @author: Ben Perez
* Modified by Gerhard Wagner
*/
pragma solidity 0.4.24;
contract Missing{
address private owner;
modifier onlyowner {
require(msg.sender==owner);
_;
}
function Constructor()
public
{
owner = msg.sender;
}
function () payable {}
function withdraw()
public
onlyowner
{
owner.transfer(this.balance);
}
}
incorrect_constructor_name2_fixed.sol
/*
* @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
* @author: Ben Perez
* Modified by Gerhard Wagner
*/
pragma solidity ^0.4.24;
contract Missing{
address private owner;
modifier onlyowner {
require(msg.sender==owner);
_;
}
constructor()
public
{
owner = msg.sender;
}
function () payable {}
function withdraw()
public
onlyowner
{
owner.transfer(this.balance);
}
}