Introduction
Solidity offers four visibility specifiers for functions: public, internal, private, and external. Incorrect use or neglect of these visibilities can lead to devastating vulnerabilities in smart contracts.
By default, functions are set to public visibility, allowing them to be called externally. This section will explore this vulnerability in detail.
The Vulnerability
In Solidity, the default visibility for functions is public. Hence, functions that do not specify visibility are callable by external actors. The problem arises when developers mistakenly omit visibility specifiers for functions intended to be private or internal.
HashForEther Contract:
Let’s look at the example Solidity code below
In this contract, the _sendWinnings() function is intended to be private, but its visibility is not specified. As a result, any external actor can call this function to siphon the contract’s balance, even if they are not the legitimate winner.
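The pattern described above, next to a corrected version, as an added example that is not the original page's code. It assumes a pre-0.5.0 compiler (where an omitted specifier defaults to public; from 0.5.0 on the compiler rejects functions without one), and the winner check and the name HashForEtherFixed are hypothetical.

```solidity
pragma solidity ^0.4.24;

// Vulnerable form: neither function states a visibility, so both
// default to public. Funding of the contract is omitted for brevity.
contract HashForEther {
    function withdrawWinnings() {
        // Hypothetical winner rule: the low 32 bits of the caller's
        // address must be zero.
        require(uint32(msg.sender) == 0);
        _sendWinnings();
    }

    // Meant as a helper that is only reached after the check above,
    // but with no specifier it is part of the public interface and
    // performs no check of its own.
    function _sendWinnings() {
        msg.sender.transfer(address(this).balance);
    }
}

// Corrected form: every function states its visibility.
contract HashForEtherFixed {
    // The only entry point; external callers must pass the check.
    function withdrawWinnings() external {
        require(uint32(msg.sender) == 0);
        _sendWinnings();
    }

    // private: callable only from inside this contract, so the
    // payout can no longer be reached without the winner check.
    function _sendWinnings() private {
        msg.sender.transfer(address(this).balance);
    }
}
```

Compiling the first contract with a 0.4.x compiler emits a "no visibility specified" warning for each function, which is the warning the prevention advice refers to.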
Real-World Example: The Parity MultiSig Wallet Hack
The Parity MultiSig Wallet hack resulted in a loss of about $31M worth of Ether. Two functions were left as public, allowing the attacker to change ownership and consequently withdraw funds.
Preventative Techniques
- Always Specify Visibility: Even if a function is intended to be public, always explicitly state its visibility.
- Audits and Reviews: Conduct multiple rounds of security audits, specifically focusing on function visibilities.
- Compiler Warnings: Heed the warnings provided by the Solidity compiler concerning function visibility.
- Access Control Patterns: Implement access control mechanisms like Ownable to restrict access to sensitive functions.
Conclusion
Default visibilities are a potential pitfall that can lead to serious vulnerabilities. Developers should always specify function visibilities and be aware of the associated security implications to prevent unauthorized access and manipulation.