Solidity : Unsafe type inference

Classification

CWE

CWE-190

CWE/SANS Top 25 2011

CWE-190

CWE/SANS Top 25 2021

CWE-190

Overview

Solidity supports type inference: the type of i in var i = 42; is the smallest integer type sufficient to store the right-hand side value (uint8). Consider a common for-loop pattern:

for (var i = 0; i < array.length; i++) { /* ... */ }

The type of i is inferred to uint8. If array.length is bigger than 255, an overflow will occur. Explicitly define the type when declaring integer variables:

for (uint256 i = 0; i < array.length; i++) { /* ... */ }

References

Solidity: Type Deduction

MEDIUM

Solidity : Unsafe type inference

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Solidity : Unsafe type inference in your application?

See also

Solidity : Return value of transfer, transferFrom, or approve function of ERC-20 standard is always false.

Solidity : Using approve function of the ERC-20 token standard

Solidity : ERC-20 transfer should throw