View function should not modify state
Description
The view function $FN is able to modify the state, which is a security risk. View functions should be read-only and not have any side effects.
Examples
Insecure Code
```cairo
fn get_balance(self: ContractState) { ... }
```
Secure Code
```cairo
fn get_balance() -> uint256 { ... }
```
Remediation
Remove the state-modifying code from the view function or rename it to a non-view function.
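The following is an added example, not part of the original rule page or the analyzer's own code. It shows the same distinction in Starknet Cairo 2 syntax, where a snapshot receiver `self: @ContractState` makes a function read-only and `ref self: ContractState` permits storage writes. The `Vault` contract, its interface and the `reads` counter are hypothetical names, and a recent Cairo 2 toolchain is assumed.

```cairo
// Hypothetical contract for illustration; all names are assumptions.
#[starknet::interface]
trait IVault<TContractState> {
    fn get_balance_unsafe(ref self: TContractState) -> u256;
    fn get_balance(self: @TContractState) -> u256;
    fn deposit(ref self: TContractState, amount: u256);
}

#[starknet::contract]
mod Vault {
    use starknet::storage::{StoragePointerReadAccess, StoragePointerWriteAccess};

    #[storage]
    struct Storage {
        balance: u256,
        reads: u64,
    }

    #[abi(embed_v0)]
    impl VaultImpl of super::IVault<ContractState> {
        // Insecure: named like a getter, but `ref self` allows storage writes,
        // so callers who treat it as a view get a hidden side effect.
        fn get_balance_unsafe(ref self: ContractState) -> u256 {
            self.reads.write(self.reads.read() + 1);
            self.balance.read()
        }

        // Secure: the snapshot receiver `@ContractState` is read-only;
        // a `.write()` call here is rejected at compile time.
        fn get_balance(self: @ContractState) -> u256 {
            self.balance.read()
        }

        // State changes belong in an explicitly external function.
        fn deposit(ref self: ContractState, amount: u256) {
            self.balance.write(self.balance.read() + amount);
        }
    }
}
```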
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0486 |
| Category | Security |
| Severity | MEDIUM |
| CWE | CWE-749 |
| Confidence | LOW |
| Impact | LOW |
| Likelihood | LOW |
| Exploitability | COMPLEX |
| Tags | security, view function, state modification |
| OWASP | N/A |