Title
Typographical Error
Relationships
CWE-480: Use of Incorrect Operator
Description
A typographical error can occur for example when the intent of a defined operation is to sum a number to a variable (+=) but it has accidentally been defined in a wrong way (=+), introducing a typo which happens to be a valid operator. Instead of calculating the sum it initializes the variable again.
The unary + operator is deprecated in new solidity compiler versions.
Remediation
The weakness can be avoided by performing pre-condition checks on any math operation or using a vetted library for arithmetic calculations such as SafeMath developed by OpenZeppelin.
References
Samples
typo_one_command.sol
pragma solidity ^0.4.25;
contract TypoOneCommand {
uint numberOne = 1;
function alwaysOne() public {
numberOne =+ 1;
}
}
typo_safe_math.sol
pragma solidity ^0.4.25;
/** Taken from the OpenZeppelin github
* @title SafeMath
* @dev Math operations with safety checks that revert on error
*/
library SafeMath {
/**
* @dev Multiplies two numbers, reverts on overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b);
return c;
}
/**
* @dev Integer division of two numbers truncating the quotient, reverts on division by zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
require(b > 0); // Solidity only automatically asserts when dividing by 0
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
/**
* @dev Subtracts two numbers, reverts on overflow (i.e. if subtrahend is greater than minuend).
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
require(b <= a);
uint256 c = a - b;
return c;
}
/**
* @dev Adds two numbers, reverts on overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a);
return c;
}
/**
* @dev Divides two numbers and returns the remainder (unsigned integer modulo),
* reverts when dividing by zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
require(b != 0);
return a % b;
}
}
contract TypoSafeMath {
using SafeMath for uint256;
uint256 public numberOne = 1;
bool public win = false;
function addOne() public {
numberOne =+ 1;
}
function addOneCorrect() public {
numberOne += 1;
}
function addOneSafeMath() public {
numberOne = numberOne.add(1);
}
function iWin() public {
if(!win && numberOne>3) {
win = true;
}
}
}
typo_simple.sol
pragma solidity ^0.4.25;
contract TypoSimple {
uint onlyOne = 1;
bool win = false;
function addOne() public {
onlyOne =+ 1;
if(onlyOne>1) {
win = true;
}
}
function iWin() view public returns (bool) {
return win;
}
}