Title

Assert Violation

Relationships

CWE-670: Always-Incorrect Control Flow Implementation

Description

The Solidity assert() function is meant to assert invariants. Properly functioning code should never reach a failing assert statement. A reachable assertion can mean one of two things:

A bug exists in the contract that allows it to enter an invalid state;
The assert statement is used incorrectly, e.g. to validate inputs.

Remediation

Consider whether the condition checked in the assert() is actually an invariant. If not, replace the assert() statement with a require() statement.

If the exception is indeed caused by unexpected behaviour of the code, fix the underlying bug(s) that allow the assertion to be violated.

References

The use of revert(), assert(), and require() in Solidity, and the new REVERT opcode in the EVM

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SWC-110.md

SWC-110.md

Title

Relationships

Description

Remediation

References

Files

SWC-110.md

Latest commit

History

SWC-110.md

File metadata and controls

Title

Relationships

Description

Remediation

References