Merge pull request #301 from SmartContractSecurity/patch-disclaimers

add disclaimers to all entries

entries/docs/SWC-100.md

@@ -4,10 +4,10 @@ The content of the SWC registry has not been thoroughly updated since 2020. It i
 
 For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the
 [EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an
-[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available, 
+[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available,
 that represents the latest work of the group developing the specification.
 
-General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the 
+General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the
 [Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).
 
 # Title
@@ -17,7 +17,8 @@ Function Default Visibility
 ## Relationships
 
 - [CWE-710: Improper Adherence to Coding Standards](https://cwe.mitre.org/data/definitions/710.html)
-- [EthTrust Security Levels **[Q] Code Linting**](https://entethalliance.org/specs/ethtrust-sl/#req-3-linted)
+- EthTrust Security Levels:
+  - [**[Q] Code Linting**](https://entethalliance.org/specs/ethtrust-sl/#req-3-linted)
 
 ## Description
 
@@ -39,7 +40,7 @@ Functions can be specified as being `external`, `public`, `internal` or `private
 ```solidity
 /*
  * @source: https://github.com/sigp/solidity-security-blog#visibility
- * @author: SigmaPrime 
+ * @author: SigmaPrime
  * Modified by Gerhard Wagner
  */
 
@@ -48,7 +49,7 @@ pragma solidity ^0.4.24;
 contract HashForEther {
 
     function withdrawWinnings() {
-        // Winner if the last 8 hex characters of the address are 0. 
+        // Winner if the last 8 hex characters of the address are 0.
         require(uint32(msg.sender) == 0);
         _sendWinnings();
      }
@@ -64,7 +65,7 @@ contract HashForEther {
 
 The function declarations in lines 11 and 17 do not set the visibility of the functions. At least for Solidity 0.4.24
 (as specified in the `pragma` statement), this means they will default to being treated as `public`.
-This allows anyone to call the `_sendWinings()` function and take the money. 
+This allows anyone to call the `_sendWinings()` function and take the money.
 
 Instead, the fixed version below restricts the `_sendWinnings()` function visibility to `internal`,
 so it can only be activated  by the `WithdrawWinnings()` function that enforces a check

entries/docs/SWC-101.md

@@ -1,10 +1,26 @@
+# Please note, this content is no longer actively maintained.
+
+The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.
+
+For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the
+[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an
+[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available,
+that represents the latest work of the group developing the specification.
+
+General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the
+[Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).
+
 # Title
 
 Integer Overflow and Underflow
 
 ## Relationships
 
-[CWE-682: Incorrect Calculation](https://cwe.mitre.org/data/definitions/682.html)
+- [CWE-682: Incorrect Calculation](https://cwe.mitre.org/data/definitions/682.html)
+- EthTrust Security Levels:
+  - [**[S] No Overflow/Underflow**](https://entethalliance.org/specs/ethtrust-sl/#req-1-overflow-underflow)
+  - [**[M] Safe Overflow/Underflow**](https://entethalliance.org/specs/ethtrust-sl/#req-2-overflow-underflow)
+  - [**[M] Documented Defensive Coding**](https://entethalliance.org/specs/ethtrust-sl/#req-2-documented)
 
 ## Description
 
@@ -650,7 +666,7 @@ contract PausableToken is StandardToken, Pausable {
   function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) {
     return super.approve(_spender, _value);
   }
-  
+
   function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) {
     uint cnt = _receivers.length;
     uint256 amount = uint256(cnt) * _value;

entries/docs/SWC-102.md

@@ -4,10 +4,10 @@ The content of the SWC registry has not been thoroughly updated since 2020. It i
 
 For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the
 [EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an
-[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available, 
+[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available,
 that represents the latest work of the group developing the specification.
 
-General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the 
+General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the
 [Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).
 
 # Title
@@ -16,7 +16,12 @@ Outdated Compiler Version
 
 ## Relationships
 
-[CWE-937: Using Components with Known Vulnerabilities](http://cwe.mitre.org/data/definitions/937.html)
+- [CWE-937: Using Components with Known Vulnerabilities](http://cwe.mitre.org/data/definitions/937.html)
+- EEA EthTrust Security Levels:
+  - [**Level [S]** Improved Compilers](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compile-improvements)
+  - [**Level [S]** Compiler Security Bugs](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compiler-bugs)
+  - [**Level [M]** Compiler Bugs and Overriding Requirements](https://entethalliance.org/specs/ethtrust-sl/#sec-level-2-compiler-bugs)
+  - [**Recommended Practice** Use the Latest Compiler](https://entethalliance.org/specs/ethtrust-sl/#req-R-use-latest-compiler)
 
 ## Description
 
@@ -30,11 +35,6 @@ It is recommended to use a recent version of the Solidity compiler.
 
 - [Solidity Release Notes](https://github.com/ethereum/solidity/releases)
 - [Etherscan Solidity Bug Info](https://etherscan.io/solcbuginfo)
-- EEA EthTrust Security Levels:
-  - [**Level [S]** Compiler Security Bugs](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compiler-bugs)
-  - [**Level [S]** Improved Compilers](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compile-improvements)
-  - [**Level [M]** Compiler Bugs and Overriding Requirements](https://entethalliance.org/specs/ethtrust-sl/#sec-level-2-compiler-bugs)
-  - [**Recommended Practice** Use the Latest Compiler](https://entethalliance.org/specs/ethtrust-sl/#req-R-use-latest-compiler)
 
 ## Samples
 
@@ -52,10 +52,9 @@ contract OutdatedCompilerVersion {
 #### Comments
 
 As of August 2023 the current version of the compiler is 0.8.21. There are several dozen compiler bugs that have been fixed between that and version 0.4.13,
-each of which can lead to data being corrupted, contracts not functioning as expected, or unexpected vulnerabilities in contracts. 
+each of which can lead to data being corrupted, contracts not functioning as expected, or unexpected vulnerabilities in contracts.
 There have also been significant improvements in compiler capabilities to protect against errors.
 
 See also the sections [**Level [S]** Compiler Security Bugs](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compiler-bugs),
 [**Level [S]** Improved Compilers](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compile-improvements), and
 [**Level [M]** Compiler Bugs and Overriding Requirements](https://entethalliance.org/specs/ethtrust-sl/#sec-level-2-compiler-bugs)
-

entries/docs/SWC-103.md

@@ -1,10 +1,27 @@
+# Please note, this content is no longer actively maintained.
+
+The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.
+
+For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the
+[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an
+[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available,
+that represents the latest work of the group developing the specification.
+
+General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the
+[Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).
+
 # Title
 
 Floating Pragma
 
 ## Relationships
 
-[CWE-664: Improper Control of a Resource Through its Lifetime](https://cwe.mitre.org/data/definitions/664.html)
+- [CWE-664: Improper Control of a Resource Through its Lifetime](https://cwe.mitre.org/data/definitions/664.html)
+- EEA EthTrust Security Levels:
+  - [**Level [S]** Improved Compilers](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compile-improvements)
+  - [**Level [S]** Compiler Security Bugs](https://entethalliance.org/specs/ethtrust-sl/#sec-1-compiler-bugs)
+  - [**Level [M]** Compiler Bugs and Overriding Requirements](https://entethalliance.org/specs/ethtrust-sl/#sec-level-2-compiler-bugs)
+  - [**Recommended Practice** Use the Latest Compiler](https://entethalliance.org/specs/ethtrust-sl/#req-R-use-latest-compiler)
 
 ## Description
 

entries/docs/SWC-104.md

@@ -1,10 +1,24 @@
+# Please note, this content is no longer actively maintained.
+
+The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.
+
+For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the
+[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an
+[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available,
+that represents the latest work of the group developing the specification.
+
+General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the
+[Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).
+
 # Title
 
 Unchecked Call Return Value
 
 ## Relationships
 
-[CWE-252: Unchecked Return Value](https://cwe.mitre.org/data/definitions/252.html)
+- [CWE-252: Unchecked Return Value](https://cwe.mitre.org/data/definitions/252.html)
+- EthTrust Security Levels:
+  - [**[M] Handle External Call Returns**](https://entethalliance.github.io/eta-registry/security-levels-spec.html#req-2-handle-return)
 
 ## Description
 

entries/docs/SWC-105.md

@@ -1,10 +1,25 @@
+# Please note, this content is no longer actively maintained.
+
+The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.
+
+For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the
+[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an
+[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available,
+that represents the latest work of the group developing the specification.
+
+General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the
+[Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).
+
 # Title
 
 Unprotected Ether Withdrawal
 
 ## Relationships
 
-[CWE-284: Improper Access Control](https://cwe.mitre.org/data/definitions/284.html)
+- [CWE-284: Improper Access Control](https://cwe.mitre.org/data/definitions/284.html)
+- EthTrust Security Levels:
+  - [**[M] Protect Self-destruction**](https://entethalliance.github.io/eta-registry/security-levels-spec.html#req-2-self-destruct)
+  - [**[Q] Enforce Least Privilege**](https://entethalliance.github.io/eta-registry/security-levels-spec.html#req-3-access-control)
 
 ## Description
 
@@ -230,7 +245,7 @@ pragma solidity ^0.4.23;
 contract MultiOwnable {
   address public root;
   mapping (address => address) public owners; // owner => parent of owner
-  
+
   /**
   * @dev The Ownable constructor sets the original `owner` of the contract to the sender
   * account.
@@ -239,25 +254,25 @@ contract MultiOwnable {
     root = msg.sender;
     owners[root] = root;
   }
-  
+
   /**
   * @dev Throws if called by any account other than the owner.
   */
   modifier onlyOwner() {
     require(owners[msg.sender] != 0);
     _;
   }
-  
+
   /**
   * @dev Adding new owners
   * Note that the "onlyOwner" modifier is used here.
-  */ 
+  */
   function newOwner(address _owner) onlyOwner external returns (bool) {
     require(_owner != 0);
     owners[_owner] = msg.sender;
     return true;
   }
-  
+
   /**
     * @dev Deleting owners
     */
@@ -269,7 +284,7 @@ contract MultiOwnable {
 }
 
 contract TestContract is MultiOwnable {
-  
+
   function withdrawAll() onlyOwner {
     msg.sender.transfer(this.balance);
   }
@@ -292,7 +307,7 @@ pragma solidity ^0.4.23;
 contract MultiOwnable {
   address public root;
   mapping (address => address) public owners; // owner => parent of owner
-  
+
   /**
   * @dev The Ownable constructor sets the original `owner` of the contract to the sender
   * account.
@@ -301,25 +316,25 @@ contract MultiOwnable {
     root = msg.sender;
     owners[root] = root;
   }
-  
+
   /**
   * @dev Throws if called by any account other than the owner.
   */
   modifier onlyOwner() {
     require(owners[msg.sender] != 0);
     _;
   }
-  
+
   /**
   * @dev Adding new owners
   * Note that the "onlyOwner" modifier is missing here.
-  */ 
+  */
   function newOwner(address _owner) external returns (bool) {
     require(_owner != 0);
     owners[_owner] = msg.sender;
     return true;
   }
-  
+
   /**
     * @dev Deleting owners
     */
@@ -331,7 +346,7 @@ contract MultiOwnable {
 }
 
 contract TestContract is MultiOwnable {
-  
+
   function withdrawAll() onlyOwner {
     msg.sender.transfer(this.balance);
   }
@@ -371,7 +386,7 @@ pragma solidity ^0.4.24;
 
 contract Wallet {
     address creator;
-    
+
     mapping(address => uint256) balances;
 
     constructor() public {
@@ -382,7 +397,7 @@ contract Wallet {
     	assert(balances[msg.sender] + msg.value > balances[msg.sender]);
         balances[msg.sender] += msg.value;
     }
-    
+
     function withdraw(uint256 amount) public {
         require(amount <= balances[msg.sender]);
         msg.sender.transfer(amount);
@@ -417,7 +432,7 @@ pragma solidity ^0.4.24;
 
 contract Wallet {
     address creator;
-    
+
     mapping(address => uint256) balances;
 
     constructor() public {
@@ -428,7 +443,7 @@ contract Wallet {
     	assert(balances[msg.sender] + msg.value > balances[msg.sender]);
         balances[msg.sender] += msg.value;
     }
-    
+
     function withdraw(uint256 amount) public {
         require(amount <= balances[msg.sender]);
         msg.sender.transfer(amount);
@@ -461,7 +476,7 @@ pragma solidity ^0.4.24;
 
 contract Wallet {
     address creator;
-    
+
     mapping(address => uint256) balances;
 
     function initWallet() public {
@@ -472,7 +487,7 @@ contract Wallet {
     	assert(balances[msg.sender] + msg.value > balances[msg.sender]);
         balances[msg.sender] += msg.value;
     }
-    
+
     function withdraw(uint256 amount) public {
         require(amount <= balances[msg.sender]);
         msg.sender.transfer(amount);
@@ -496,13 +511,13 @@ contract Wallet {
 pragma solidity ^0.4.24;
 
 /* User can add pay in and withdraw Ether.
-   Unfortunatelty, the developer was drunk and used the wrong comparison operator in "withdraw()"
+   Unfortunately, the developer was drunk and used the wrong comparison operator in "withdraw()"
    Anybody can withdraw arbitrary amounts of Ether :()
 */
 
 contract Wallet {
     address creator;
-    
+
     mapping(address => uint256) balances;
 
     constructor() public {
@@ -513,7 +528,7 @@ contract Wallet {
     	assert(balances[msg.sender] + msg.value > balances[msg.sender]);
         balances[msg.sender] += msg.value;
     }
-    
+
     function withdraw(uint256 amount) public {
         require(amount >= balances[msg.sender]);
         msg.sender.transfer(amount);