Secureum Book
  • 🛡️Secureum Bootcamp
    • 🛡️Secureum Bootcamp
    • 🙌Participate
    • 📜History
  • 📚LEARN
    • Introduction
      • 🔷1. Ethereum Basics
        • 1.1 Ethereum: Concept, Infrastructure & Purpose
        • 1.2 Properties of the Ethereum Infrastructure
        • 1.3 Ethereum vs. Bitcoin
        • 1.4 Ethereum Core Components
        • 1.5 Gas Metering: Solving the Halting Problem
        • 1.6 web2 vs. web3: The Paradigm Shift
        • 1.7 Decentralization
        • 1.8 Cryptography, Digital Signature & Keys
        • 1.9 Ethereum State & Account Types
        • 1.10 Transactions: Properties & Components
        • 1.11 Contract Creation
        • 1.12 Transactions, Messages & Blockchain
        • 1.13 EVM (Ethereum Virtual Machine) in Depth
        • 1.14 Transaction Reverts & Data
        • 1.15 Block Explorer
        • 1.16 Mainnet & Testnets
        • 1.17 ERCs & EIPs
        • 1.18 Legal Aspects in web3: Pseudonymity & DAOs
        • 1.19 Security in web3
        • 1.20 web2 Timescales vs. web3 Timescales
        • 1.21 Test-in-Prod. SSLDC vs. Audits
        • Summary: 101 Keypoints
      • 🌀2. Solidity
        • 2.1 Solidity: Influence, Features & Layout
        • 2.2 SPDX & Pragmas
        • 2.3 Imports
        • 2.4 Comments & NatSpec
        • 2.5 Smart Contracts
        • 2.6 State Variables: Definition, Visibility & Mutability
        • 2.7 Data Location
        • 2.8 Functions
        • 2.9 Events
        • 2.10 Solidity Typing
        • 2.11 Solidity Variables
        • 2.12 Address Type
        • 2.13 Conversions
        • 2.14 Keywords & Shorthand Operators
        • 2.15 Solidity Units
        • 2.16 Block & Transaction Properties
        • 2.17 ABI Encoding & Decoding
        • 2.18 Error Handling
        • 2.19 Mathematical & Cryptographic Functions
        • 2.20 Control Structures
        • 2.21 Style & Conventions
        • 2.22 Inheritance
        • 2.23 EVM Storage
        • 2.24 EVM Memory
        • 2.25 Inline Assembly
        • 2.26 Solidity Version Changes
        • 2.27 Security Checks
        • 2.28 OpenZeppelin Libraries
        • 2.29 DAppSys Libraries
        • 2.30 Important Protocols
        • Summary: 201 Keypoints
      • 🔏3. Security Pitfalls & Best Practices
        • 3.1 Solidity Versions
        • 3.2 Access Control
        • 3.3 Modifiers
        • 3.4 Constructor
        • 3.5 Delegatecall
        • 3.6 Reentrancy
        • 3.7 Private Data
        • 3.8 PRNG & Time
        • 3.9 Math & Logic
        • 3.10 Transaction Order Dependence
        • 3.11 ecrecover
        • 3.12 Unexpected Returns
        • 3.13 Ether Accounting
        • 3.14 Transaction Checks
        • 3.15 Delete Mappings
        • 3.16 State Modification
        • 3.17 Shadowing & Pre-declaration
        • 3.18 Gas & Costs
        • 3.19 Events
        • 3.20 Unary Expressions
        • 3.21 Addresses
        • 3.22 Assertions
        • 3.23 Keywords
        • 3.24 Visibility
        • 3.25 Inheritance
        • 3.26 Reference Parameters
        • 3.27 Arbitrary Jumps
        • 3.28 Hash Collisions & Byte Level Issues
        • 3.29 Unicode RTLO
        • 3.30 Variables
        • 3.31 Pointers
        • 3.32 Out-of-range Enum
        • 3.33 Dead Code & Redundant Statements
        • 3.34 Compiler Bugs
        • 3.35 Proxy Pitfalls
        • 3.36 Token Pitfalls
        • 3.37 Special Token Pitfalls
        • 3.38 Guarded Launch Pitfalls
        • 3.39 System Pitfalls
        • 3.40 Access Control Pitfalls
        • 3.41 Testing, Unused & Redundand Code
        • 3.42 Handling Ether
        • 3.43 Application Logic Pitfalls
        • 3.44 Saltzer & Schroeder's Design Principles
        • Summary: 201 Keypoints
      • 🗜️4. Audit Techniques & Tools
        • 4.1 Audit
        • 4.2 Analysis Techniques
        • 4.3 Specification, Documentation & Testing
        • 4.4 False Positives & Negatives
        • 4.5 Security Tools
        • 4.6 Audit Process
        • Summary: 101 Keypoints
      • ☝️5. Audit Findings
        • 5.1 Criticals
        • 5.2 Highs
        • 5.3 Mediums
        • 5.4 Lows
        • 5.5 Informationals
        • Summary: 201 Keypoints
  • 🌱CARE
    • CARE
      • CARE Reports
  • 🚩CTFs
    • A-MAZE-X CTFs
      • Secureum A-MAZE-X
      • Secureum A-MAZE-X Stanford
      • Secureum A-MAZE-X Maison de la Chimie Paris
Powered by GitBook
On this page
  • State Visibility
  • State Mutability
  1. LEARN
  2. Introduction
  3. 2. Solidity

2.6 State Variables: Definition, Visibility & Mutability

These are variables that can be accessed by all the contact functions. The data location where these state variables are stored is what is known as the contract storage.

Recall EVM has multiple components: the stack, calldata, volatile memory and the non-volatile storage. This non-volatile storage is where the state variables are stored because they need to persist across transactions that affect the contract state.

State Visibility

In Solidity, state variables have a concept known as visibility: who can see the state variables and who can access them. Visibility specifiers indicate this property. There are three specifiers:

  • public: these state variables are part of the contract interface and they can be accessed either internally (from within the contract) or from outside the contract via messages.\

    For such public state variables, an automatic getter function is generated by the compiler, which is used to access their values.

  • internal: these state variables can be accessed only internally; from within the current contract or contracts deriving from this contract.

  • private: these state variables can be accessed only from within the contract.\

    They are defined at, and not even from the contracts that are derived from it.

Visibility specifiers are interesting from a security perspective because, although these seem to give an impression that certain state variables are private (in a sort of a privacy centric manner), everything that is within the contract is visible to all the observers external to the blockchain.

The private visibility specifier makes these variables private to the contract and prevents only other contracts from reading those private state variables on chain, however all the variables can be looked at can be queried via different interfaces.

State Mutability

State variables also have the concept of mutability. It indicates when can those state variables be modified and what are the rules for those modifications. There are two such specifiers

  • constant: these state variables are fixed at compile, which means that their value is the same as when they were declared for the life of the contract.\

    There are certain rules for what expressions can be used for defining these constant variables within the contract.

  • immutable: these on the other hand are fixed at construction time, which means that they can be assigned values within the constructor of the contract or at the point of declaration.\

    They cannot be read during construction time and they can only be assigned once.

The concept of mutability allows the Solidity compiler to prevent reserving any storage slot for these variables, making thesm storage and gas efficient: the gas cost of constant and immutable variables are lower.

The reason for this is because the expression that is assigned to it is copied to all the places where it is accessed within the contract and it's also re-evaluated each time. This aspect allows the Solidity compiler to make some local optimizations wherever constant variables are used. And in the case of immutable state variables, they're evaluated only once at construction time and then their value is copied to all the places in the code where they are used. For these immutable variables, 32 bytes are reserved even if they require fewer bytes.

Due to this, constant variables can sometimes be cheaper than immutable ones. For now the only supported types for these variables are strings and value types.

Previous2.5 Smart ContractsNext2.7 Data Location

Last updated 1 year ago

📚
🌀