Skip to main content

Unprotected set code hash

What it does

It warns you if set_code_hash function is called without previously checking the address of the caller.

Why is this bad?

If users are allowed to call set_code_hash, they can intentionally modify the contract behaviour, leading to the loss of all associated data/tokens and functionalities given by this contract or by others that depend on it.

Example

    #[ink(message)]
    pub fn update_code(&self, value: [u8; 32]) -> Result<(), Error> {
        let res = set_code_hash(&value);

        if res.is_err() {
            return res.map_err(|_| Error::InvalidCodeHash);
        }

        Ok(())
    }

Use instead:

    pub fn update_code(&self, value: [u8; 32]) -> Result<(), Error> {
        if self.admin != Self::env().caller() {
            return Err(Error::NotAnAdmin);
        }

        let res = set_code_hash(&value);

        if res.is_err() {
            return res.map_err(|_| Error::InvalidCodeHash);
        }

        Ok(())
    }

Implementation

The detector's implementation can be found at this link