If a `return` is incorrectly used in assembly modeSLITHER-W1023If a `return` is used instead of a `leave`SLITHER-W1026Storage abiencoderv2 arraySLITHER-W1001transferFrom uses arbitrary `from`SLITHER-W1002Incorrect exponentiationSLITHER-W1022Modifying storage array by valueSLITHER-W1003ABI encodePacked CollisionSLITHER-W1004The order of parameters in a shift instruction is incorrectSLITHER-W1005Multiple constructor schemesSLITHER-W1006Contract's name reusedSLITHER-W1007Detected unprotected variablesSLITHER-W1008Public mappings with nested variablesSLITHER-W1009Right-To-Left-Override control character is usedSLITHER-W1010State variables shadowingSLITHER-W1011Functions allowing anyone to destruct the contractSLITHER-W1012Uninitialized state variablesSLITHER-W1013Uninitialized storage variablesSLITHER-W1014Unprotected upgradeable contractSLITHER-W1015Use Codex to find vulnerabilitiesSLITHER-W1016transferFrom uses arbitrary from with permitSLITHER-W1017Functions that send Ether to arbitrary destinationsSLITHER-W1018Tainted array length assignmentSLITHER-W1019Controlled delegatecall destinationSLITHER-W1020Payable functions using `delegatecall` inside a loopSLITHER-W1021msg.value inside a loopSLITHER-W1024Reentrancy vulnerabilities (theft of ethers)SLITHER-W1025Signed storage integer array compiler bugSLITHER-W1027Unchecked tokens transferSLITHER-W1028Weak PRNGSLITHER-W1029Incorrect ERC721 interfacesSLITHER-W1033Detects ERC20 tokens that have a function whose signature collides with EIP-2612's DOMAIN_SEPARATOR()SLITHER-W1030Detect dangerous enum conversionSLITHER-W1031Incorrect ERC20 interfacesSLITHER-W1032Dangerous strict equalitiesSLITHER-W1034Contracts that lock etherSLITHER-W1035Deletion on mapping containing a structureSLITHER-W1036State variables shadowing from abstract contractsSLITHER-W1037Comparing a variable to itself always returns true or false, depending on comparisonSLITHER-W1038Tautology or contradictionSLITHER-W1039Unused writeSLITHER-W1040Misuse of Boolean constantSLITHER-W1041Constant functions using assembly codeSLITHER-W1042Constant functions changing the stateSLITHER-W1043Imprecise arithmetic operations orderSLITHER-W1044Reentrancy vulnerabilities (no theft of ethers)SLITHER-W1045Reused base constructorSLITHER-W1046Dangerous usage of `tx.origin`SLITHER-W1047Unchecked low-level callsSLITHER-W1048Unchecked sendSLITHER-W1049Uninitialized local variablesSLITHER-W1050Unused return valuesSLITHER-W1051Detects `for` loops that use `length` member of some storage array in their loop condition and don't modify itSLITHER-W1088State variables that could be declared constantSLITHER-W1089Public function that could be declared externalSLITHER-W1090State variables that could be declared immutableSLITHER-W1091Contract reads its own variable using `this`SLITHER-W1092Out-of-order retryable transactionsSLITHER-W1093Assembly usageSLITHER-W1067Local variables used prior their declarationSLITHER-W1056Dangerous usage of `block.timestamp`SLITHER-W1066Assert state changeSLITHER-W1068Conformity to Solidity naming conventionsSLITHER-W1077Unused state variablesSLITHER-W1082Missing inheritanceSLITHER-W1076Modifiers that can return the default valueSLITHER-W1052Functions that are not usedSLITHER-W1084Built-in symbol shadowingSLITHER-W1053Local variables shadowingSLITHER-W1054Uninitialized function pointer calls in constructorsSLITHER-W1055Constructor called not implementedSLITHER-W1057Multiple calls in a loopSLITHER-W1058Missing Events Access ControlSLITHER-W1059Missing Events ArithmeticSLITHER-W1060Dangerous unary expressionsSLITHER-W1061Missing Zero Address ValidationSLITHER-W1062Benign reentrancy vulnerabilitiesSLITHER-W1063Reentrancy vulnerabilities leading to out-of-order EventsSLITHER-W1064A low level callee may consume all callers gas unexpectedlySLITHER-W1065Comparison to boolean constantSLITHER-W1069Detects functions with high (> 11) cyclomatic complexitySLITHER-W1070Deprecated Solidity StandardsSLITHER-W1071Un-indexed ERC20 event parametersSLITHER-W1072Function initializing state variablesSLITHER-W1073Detects using-for statement usage when no function from a given library matches a given typeSLITHER-W1074Low level callsSLITHER-W1075If different pragma directives are usedSLITHER-W1078Redundant statementsSLITHER-W1079Incorrect Solidity versionSLITHER-W1080Unimplemented functionsSLITHER-W1081Costly operations in a loopSLITHER-W1083Reentrancy vulnerabilities through send and transferSLITHER-W1085Variable names are too similarSLITHER-W1086Conformance to numeric notation best practicesSLITHER-W1087
Slither logoSlither/
SLITHER-W1073

Function initializing state variablesSLITHER-W1073

Minor severityMinor
Anti-pattern categoryAnti-pattern

Detects the immediate initialization of state variables through function calls that are not pure/constant, or that use non-constant state variable.

Exploit Scenario

contract StateVarInitFromFunction {

    uint public v = set(); // Initialize from function (sets to 77)
    uint public w = 5;
    uint public x = set(); // Initialize from function (sets to 88)
    address public shouldntBeReported = address(8);

    constructor(){
        // The constructor is run after all state variables are initialized.
    }

    function set() public  returns(uint)  {
        // If this function is being used to initialize a state variable declared
        // before w, w will be zero. If it is declared after w, w will be set.
        if(w == 0) {
            return 77;
        }

        return 88;
    }
}

In this case, users might intend a function to return a value a state variable can initialize with, without realizing the context for the contract is not fully initialized. In the example above, the same function sets two different values for state variables because it checks a state variable that is not yet initialized in one case, and is initialized in the other. Special care must be taken when initializing state variables from an immediate function call so as not to incorrectly assume the state is initialized.

Recommendation

Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Learn more

function-init-state on Slither's wiki.