Update nexus wiki content
61
wiki/concepts/SWC-Registry.md
Normal file
@@ -0,0 +1,61 @@
---
title: "SWC Registry(智能合约弱点分类)"
type: concept
tags: [blockchain, security, smart-contract, classification, standard]
sources: [blockchain-security-auditor]
last_updated: 2026-05-30
---
|
|
|
|
|
||||
## Definition
|
||||
SWC Registry(Smart Contract Weakness Classification Registry)是由 Ethereum Foundation 维护的智能合约安全弱点标准化分类体系,提供漏洞的编号、描述、示例和修复建议,是审计报告引用的权威漏洞分类标准。
|
|
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
||||
## Usage in Audit Reports
|
|
|
|
|
|
||||
## Relationship to Audit
|
||||
- SWC Registry 是 [[Blockchain-Security-Auditor]] 撰写审计报告时的**标准引用**
- [[Slither]] 的 `--checklist` 模式直接映射到 SWC 分类
- SWC-107(Reentrancy)和 SWC-104(Unchecked Call)是最高频出现的漏洞
|
|
||||
- 无法覆盖所有漏洞类型(新兴攻击模式可能尚无 SWC 编号)
|
||||
- Solidity 0.8+ 后部分 SWC(如 SWC-101)已自动防护
|
||||
- 部分 SWC 编号定义过于宽泛
|
||||
## Connections
- [[Blockchain-Security-Auditor]] ← references ← [[SWC Registry]]
- [[Slither]] ← maps to ← [[SWC Registry]]
- [[The-DAO-2016]] ← classified as ← SWC-107 (Reentrancy)
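Review bot: The Definition line ("SWC Registry(Smart Contract Weakness Classification Registry)是由 Ethereum Foundation 维护...") misattributes the maintainer and overstates the registry's standing: the SWC Registry was created and maintained by the ConsenSys Diligence / Mythril team under the SmartContractSecurity GitHub organisation (EIP-1470), not by the Ethereum Foundation, and its repository now carries a notice that it is no longer actively maintained, pointing to the EEA EthTrust Security Levels specification as the successor. Please correct the maintainer, drop or qualify "权威", and add a Limitations bullet saying the registry is unmaintained and no longer receives new entries, since that is the single biggest caveat for anyone citing SWC IDs in a 2026 report. In the table, the SWC-101 row says only underflow reverts on Solidity 0.8+, but checked arithmetic reverts on both overflow and underflow unless the code sits inside an `unchecked { }` block; the SWC-100 row describes pre-0.5.0 behaviour, as visibility has had to be declared explicitly since Solidity 0.5.0, so the finding only applies to legacy pragmas; and the registry's name for SWC-114 is "Transaction Order Dependence". In Relationship to Audit, the claim that Slither's `--checklist` mode maps directly to SWC classes is not supported by what that flag does: it prints a markdown summary of detector results keyed by Slither's own detector names and carries no SWC IDs (Mythril is the tool whose findings are tagged with SWC IDs), so either reword it as a manual mapping the auditor performs or cite the mapping table you are relying on. The "SWC-107 ... 和 SWC-104 ... 是最高频出现的漏洞" line states a frequency without a source; cite one or soften it to "among the most common".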