41 lines
1.1 KiB
Solidity
41 lines
1.1 KiB
Solidity
|
/*
|
||
|
* @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-124#arbitrary-location-write-simplesol
|
||
|
* @author: Suhabe Bugrara
|
||
|
* @vulnerable_at_lines: 27
|
||
|
*/
|
||
|
|
||
|
pragma solidity ^0.4.25;
|
||
|
|
||
|
contract Wallet {
|
||
|
uint[] private bonusCodes;
|
||
|
address private owner;
|
||
|
|
||
|
constructor() public {
|
||
|
bonusCodes = new uint[](0);
|
||
|
owner = msg.sender;
|
||
|
}
|
||
|
|
||
|
function () public payable {
|
||
|
}
|
||
|
|
||
|
function PushBonusCode(uint c) public {
|
||
|
bonusCodes.push(c);
|
||
|
}
|
||
|
|
||
|
function PopBonusCode() public {
|
||
|
// <yes> <report> ACCESS_CONTROL
|
||
|
require(0 <= bonusCodes.length); // this condition is always true since array lengths are unsigned
|
||
|
bonusCodes.length--; // an underflow can be caused here
|
||
|
}
|
||
|
|
||
|
function UpdateBonusCodeAt(uint idx, uint c) public {
|
||
|
require(idx < bonusCodes.length);
|
||
|
bonusCodes[idx] = c; // write to any index less than bonusCodes.length
|
||
|
}
|
||
|
|
||
|
function Destroy() public {
|
||
|
require(msg.sender == owner);
|
||
|
selfdestruct(msg.sender);
|
||
|
}
|
||
|
}
|