Update SWC-100.md (code comments, disclaimer)

SmartContractSecurity · Aug 21, 2023 · 604f5d4 · 604f5d4
2 parents c66a8b6 + fca4f78
commit 604f5d4
Showing 1 changed file with 24 additions and 1 deletion.
diff --git a/entries/docs/SWC-100.md b/entries/docs/SWC-100.md
@@ -1,10 +1,23 @@
+# Please note, this content is no longer actively maintained.
+
+The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.
+
+For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the
+[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl). As well as the latest release version, an
+[Editor's draft](https://entethalliance.github.io/eta-registry/security-levels-spec.html) is available, 
+that represents the latest work of the group developing the specification.
+
+General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the 
+[Smart Contract Security Verification Standard (SCSVS)](https://github.com/ComposableSecurity/SCSVS).
+
 # Title
 
 Function Default Visibility
 
 ## Relationships
 
-[CWE-710: Improper Adherence to Coding Standards](https://cwe.mitre.org/data/definitions/710.html)
+- [CWE-710: Improper Adherence to Coding Standards](https://cwe.mitre.org/data/definitions/710.html)
+- [EthTrust Security Levels **[Q] Code Linting**](https://entethalliance.org/specs/ethtrust-sl/#req-3-linted)
 
 ## Description
 
@@ -47,6 +60,16 @@ contract HashForEther {
 
 ```
 
+#### Comments
+
+The function declarations in lines 11 and 17 do not set the visibility of the functions. At least for Solidity 0.4.24
+(as specified in the `pragma` statement), this means they will default to being treated as `public`.
+This allows anyone to call the `_sendWinings()` function and take the money. 
+
+Instead, the fixed version below restricts the `_sendWinnings()` function visibility to `internal`,
+so it can only be activated  by the `WithdrawWinnings()` function that enforces a check
+whether the sender actually met the presumed conditions to receive the money.
+
 ### visibility_not_set_fixed.sol
 
 ```solidity