All smart contract security issues in one place: An introduction to the SWC Registry
By Mike Pumphrey | Tuesday, December 10th, 2019
The SWC Registry is an indispensable resource for securing your smart contracts. Here we show how you can use it most effectively.
In our last post, we showed you how you can use Remix with the MythX plugin to detect weaknesses in smart contract code.
Now, let’s talk about those weaknesses.
Smart contract weaknesses are classified into many different types, allowing for easier management and discussion. The code that generates the weakness may vary widely, but the type of weakness is the same.
This sort of thing isn’t unique to smart contracts, of course. The idea of “signatures” in an antivirus context has been around for decades, and the Common Weakness Enumeration (CWE), describes software weaknesses in much the same way.
But smart contracts, due to the specific nature of the blockchain, require specialized discussion. A weakness in software written in C++ is just not the same.
With this in mind, a group of developers, auditors, and researchers at ConsenSys Diligence (where MythX was originally developed) created an analog to the CWE called the SWC Registry, or Smart Contract Weakness Classification Registry.
The SWC Registry is designed to provide smart contract developers with both language and remediation steps for dealing with issues that come up in the smart contract secure development lifecycle (SDLC).
In the SWC Registry, each entry (what we call an “SWC”) has its own ID and signature, description, code samples and remediation steps. In short, the SWC Registry contains everything you need to know to fix your smart contracts. Plus, it is both open source and community-managed.
Now let’s take a look at the registry itself.Continue…