Linting rules

E013: unauthorized-access

Detects storage mutations (`contract.setData(...)`, `*.save()`) that are reachable without a preceding admin sender check.

Metadata

Code: E013
Rule: unauthorized-access
Status: Preview since v0.0.1
Quick fix: not available

What it does

Detects storage mutations (contract.setData(...), *.save()) that are reachable without a preceding admin sender check.

Why is this bad?

State-changing operations that are not guarded by admin authorization may allow arbitrary inbound senders to mutate contract storage.

Behavior notes

This preview rule is disabled (allow) by default. Enable it in config:

[lint.rules]
unauthorized-access = "warn"

Or run only this rule with acton check --enable-only E013.
The analysis currently checks onInternalMessage and treats an assert-style in.senderAddress == *.adminAddress guard as the admin sender check.

Example

fun onInternalMessage(in: InMessage) {
    val storage = lazy Storage.fromCell(contract.getData());
    storage.save();E013: possible storage write without admin sender check
}

Use instead:

fun onInternalMessage(in: InMessage) {
    val storage = lazy Storage.fromCell(contract.getData());
    assert (in.senderAddress == storage.adminAddress) throw ERR_UNAUTHORIZED;
    storage.save();
}

Last updated on

E012: send-mode-literal

Warns when `send` mode is passed as numeric literal instead of `SEND_MODE_*` constants.

E014: several-not-null-assertions

Detects repeated not-null assertions like `foo!!`.

On this page

Why is this bad?