The Smart Contract Weakness Classification and Test Cases (SWC) Registry is a set of Web3 vulnerabilities to avoid when writing smart contracts. It may seem daunting to understand every issue, so I'll do my best to demystify each one and explain each vulnerability with real-world examples. This write-up is intended for those who are just starting out in Solidity development and smart contract auditing.
SWC-109: Uninitialized Storage Pointer
Take a look at this contract. Focus on the struct Game and the function play(). In play(), the game variable is declared with the datatype Game, but it does not refer to anything in storage. The game variable is declared as a storage pointer, but the storage pointer is uninitialized.
The following error appears when trying to compile the code.
When a storage pointer is declared in Solidity, it must be initialized before it can be used to access storage variables. If it's not initialized, it will contain a default value of 0, which doesn't point to a valid storage location.
An uninitialized storage pointer in Solidity is a pointer variable that has not been assigned a value that points to a specific storage location. This means that the pointer doesn't know where in storage to find or store data, and attempting to read or write to that pointer can cause unexpected behavior or errors.
Always remember to initialize the storage pointer of a variable! This vulnerability is covered here for understanding only: as of compiler version 0.5.0 and higher, the issue has been systematically resolved, because contracts with uninitialized storage pointers no longer compile.
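The sketch below is an added example, not the contract referred to above. It puts an uninitialized storage pointer next to an initialized one so the effect on storage slots is visible. The contract names, state variables and the games mapping are hypothetical, and the pragma assumes a pre-0.5.0 compiler, since 0.5.0 and higher reject the first contract.

```solidity
// Added illustration; all names here are hypothetical.
// Assumes a pre-0.5.0 compiler: 0.5.0 and higher refuse to compile GuessVulnerable.
pragma solidity ^0.4.24;

contract GuessVulnerable {
    address public owner;   // storage slot 0
    uint256 public rounds;  // storage slot 1

    struct Game {
        address player;     // first slot of the struct
        uint256 guess;      // second slot of the struct
    }

    constructor() public {
        owner = msg.sender;
    }

    function play(uint256 guess) public {
        Game game;                // uninitialized storage pointer: defaults to slot 0
        game.player = msg.sender; // written to slot 0, replacing owner
        game.guess = guess;       // written to slot 1, replacing rounds
    }
}

contract GuessFixed {
    address public owner;
    uint256 public rounds;

    struct Game {
        address player;
        uint256 guess;
    }

    // Dedicated storage for games, so a pointer has somewhere real to point.
    mapping(uint256 => Game) private games;

    constructor() public {
        owner = msg.sender;
    }

    function play(uint256 guess) public {
        // The pointer is initialized to a concrete storage location before use.
        Game storage game = games[rounds];
        game.player = msg.sender;
        game.guess = guess;
        rounds += 1;
    }
}
```

When auditing a pre-0.5.0 contract, the thing to look for is a local struct or array variable declared without an assignment and without the memory keyword, then compare the fields written through it against the contract's first state variables.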
Summary
Check if the compiler version of the contract is 0.5.0 or higher
Always initialize storage pointers
Reference
https://swcregistry.io/docs/SWC-109