Merge branch 'main' of github.com:CoinFabrik/scout

CoinFabrik · Aug 2, 2023 · 2459305 · 2459305
2 parents bc618fd + 3c06610
commit 2459305
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 6 deletions.
diff --git a/detectors/avoid-format!-string/src/lib.rs b/detectors/avoid-format!-string/src/lib.rs
@@ -15,7 +15,7 @@ dylint_linting::impl_pre_expansion_lint! {
     /// Detects the usage of `format!` macro.
     ///
     /// ### Why is this bad?
-    /// The usage of format! is not recommended because it can panic the execution.
+    /// The usage of format! is not recommended.
     /// ### Example
     /// ```rust
     ///    #[ink(message)]
@@ -41,7 +41,7 @@ dylint_linting::impl_pre_expansion_lint! {
     /// ```
     pub AVOID_FORMAT_STRING,
     Warn,
-    "`format!` can panic in runtime, and this should be avoided in production code",
+    "`format!` should be avoided in production code",
     AvoidFormatString::default()
 }
 
@@ -68,7 +68,7 @@ impl EarlyLintPass for AvoidFormatString {
                     cx,
                     AVOID_FORMAT_STRING,
                     expr.span,
-                    "The format! macro should not be used, it can panic at runtime.",
+                    "The format! macro should not be used.",
                     None,
                     &format!("Instead, if this is returning an error, define a new error type"),
                 );

diff --git a/docs/docs/detectors/17-avoid-format-string.md b/docs/docs/detectors/17-avoid-format-string.md
@@ -6,7 +6,7 @@ Checks for `format!` macro usage.
 
 ### Why is this bad?
 
-The usage of format! is not recommended because it can panic the execution.
+The usage of format! is not recommended.
 
 ### Example
 

diff --git a/docs/docs/vulnerabilities/17-avoid-format-string.md b/docs/docs/vulnerabilities/17-avoid-format-string.md
@@ -22,7 +22,8 @@ Consider the following `ink!` contract:
     }
 ```
 
-The problem arises from the use of the `format!` macro. This is used to format a string with the given arguments. This is a bad practice because it can panic the execution.
+The problem arises from the use of the `format!` macro. This is used to format a string with the given arguments. Returning a custom error is desirable.
+
 
 The vulnerable code example can be found [`here`](https://github.com/CoinFabrik/scout/tree/main/test-cases/avoid-format!-string/avoid-format!-string-1/vulnerable-example).
 

diff --git a/docs/docs/vulnerabilities/README.md b/docs/docs/vulnerabilities/README.md
@@ -321,7 +321,7 @@ security implications, under the [Best practices](#vulnerability-categories) cat
 
 ### 21 - Unprotected set code hash
 
-If users are allowed to call `terminate_contract`, they can intentionally modify the contract behaviour, leading to the loss of all associated data/tokens and functionalities given by this contract or by others that depend on it. To prevent this, the function should be restricted to administrators or authorized users only.
+If users are allowed to call `set_code_hash`, they can intentionally modify the contract behaviour, leading to the loss of all associated data/tokens and functionalities given by this contract or by others that depend on it. To prevent this, the function should be restricted to administrators or authorized users only.
 
 This vulnerability falls under the [Authorization](#vulnerability-categories) category
 and has a Critical severity.
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,7 +22,8 @@ Consider the following `ink!` contract: @@
         }
     ```
-    The problem arises from the use of the `format!` macro. This is used to format a string with the given arguments. This is a bad practice because it can panic the execution.
+    The problem arises from the use of the `format!` macro. This is used to format a string with the given arguments. Returning a custom error is desirable.
     The vulnerable code example can be found [`here`](https://github.com/CoinFabrik/scout/tree/main/test-cases/avoid-format!-string/avoid-format!-string-1/vulnerable-example).
@@ Expand Down @@