View function should not write to state
Description
View functions in Cairo are expected to be read-only. The view function $FN writes to contract storage, which breaks that expectation for callers and tooling and could lead to unintended behavior and security vulnerabilities.
Examples
Insecure Code

```cairo
// Named and used as a getter, but it mutates storage on every call
fn get_balance(ref self: ContractState) -> felt252 {
    self.balance.write(self.balance.read() + 1);
    self.balance.read()
}
```

Secure Code

```cairo
// Snapshot receiver: the function can only read storage
fn get_balance(self: @ContractState) -> felt252 {
    self.balance.read()
}
```

Remediation
Remove the state modification from the view function or change its visibility to a non-view function. In Starknet contracts, declare read-only functions with `self: @ContractState` so that the compiler rejects any storage write; functions that must mutate storage take `ref self: ContractState` instead.
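As an added example that is not part of the rule listing above, a minimal Starknet contract applying both remediations: the getter keeps a snapshot receiver so the compiler rejects writes, and the mutation lives in a separate `ref self` entry point. It assumes a Cairo 2.7+ toolchain (the `starknet::storage` access traits); the contract, storage and function names are constructed for illustration.

```cairo
#[starknet::interface]
trait IBalance<TContractState> {
    // Snapshot receiver: read-only by construction.
    fn get_balance(self: @TContractState) -> felt252;
    // Mutating entry point, kept separate from the getter.
    fn increment(ref self: TContractState);
}

#[starknet::contract]
mod Balance {
    // Storage read/write traits (assumed Cairo 2.7+ toolchain).
    use starknet::storage::{StoragePointerReadAccess, StoragePointerWriteAccess};

    #[storage]
    struct Storage {
        balance: felt252,
    }

    #[abi(embed_v0)]
    impl BalanceImpl of super::IBalance<ContractState> {
        fn get_balance(self: @ContractState) -> felt252 {
            // `self` is a snapshot, so `self.balance.write(...)` would not compile here.
            self.balance.read()
        }

        fn increment(ref self: ContractState) {
            // Writes are only possible through a `ref self` receiver.
            self.balance.write(self.balance.read() + 1);
        }
    }
}
```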
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0209 |
| Category | Security |
| Severity | HIGH |
| CWE | CWE-749 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | view function, state modification |
| OWASP | N/A |