Many security vulnerabilities result from faulty assumptions, e.g., about who can access what and when, under what conditions, and for what reasons. Identifying the assumptions made by the program code and evaluating whether they actually hold can be the source of many audit findings. Some common examples of faulty assumptions are:
- Only admins can call these functions
- Initialization functions will only be called once, and only by the contract deployer (e.g. for upgradeable contracts)
- Functions will always be called in a certain order (as expected by the specification)
- Parameters can only have non-zero values or values within a certain threshold, e.g., addresses will never be zero-valued
- Certain addresses or data values can never be attacker-controlled, and so can never reach program locations where they could be misused (in the program analysis literature, tracking this is known as taint analysis)
- Function calls will always succeed, so checking their return values is not required
- Incorrect assumptions
  - Who/What/When/Why etc.
- Verify assumptions
  - E.g.: admins, input validation, return values
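As an added illustration (not code from the original text), the constructed Solidity contract below turns each assumption listed above into an explicit check: admin-only access, one-time initialization, call ordering, zero-address input validation, and checked return values. The `Vault` contract and its minimal `IERC20` interface are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed minimal token interface; only the call this example needs.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract: every assumption from the list is enforced, not assumed.
contract Vault {
    address public admin;
    bool private initialized;
    IERC20 public token;

    event AdminChanged(address indexed oldAdmin, address indexed newAdmin);

    // "Only admins can call these functions": enforced by a modifier, not by convention.
    modifier onlyAdmin() {
        require(msg.sender == admin, "Vault: caller is not admin");
        _;
    }

    // "Functions are called in the expected order": nothing works before initialize().
    modifier whenInitialized() {
        require(initialized, "Vault: not initialized");
        _;
    }

    // "initialize() is only called once": guarded by a flag, so a second caller cannot
    // take over the admin role. Inputs are validated instead of assumed non-zero.
    function initialize(address _admin, IERC20 _token) external {
        require(!initialized, "Vault: already initialized");
        require(_admin != address(0), "Vault: zero admin");
        require(address(_token) != address(0), "Vault: zero token");
        initialized = true;
        admin = _admin;
        token = _token;
    }

    // "Addresses are never zero": validated, so the admin role cannot be burned by mistake.
    function setAdmin(address newAdmin) external whenInitialized onlyAdmin {
        require(newAdmin != address(0), "Vault: zero admin");
        emit AdminChanged(admin, newAdmin);
        admin = newAdmin;
    }

    // "External calls always succeed": the boolean return value is checked explicitly.
    function sweep(address to, uint256 amount) external whenInitialized onlyAdmin {
        require(to != address(0), "Vault: zero recipient");
        bool ok = token.transfer(to, amount);
        require(ok, "Vault: transfer failed");
    }
}
```

Removing any single `require` or modifier above reintroduces exactly one of the faulty assumptions from the list, which makes the contract a useful checklist when auditing similar code.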