Unsafe Unicode Characters
What it detects
Certain Unicode characters look identical or very similar to one another, or are invisible when rendered (zero-width characters), yet have different code points. Attackers might use them in source files to hide malicious logic. The detector scans for uncommon or homoglyph characters in identifiers and strings.
Typical symptoms
- Identifiers contain zero-width or visually ambiguous characters
- Comments or strings use unusual Unicode code points
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract UnicodeBug {
    string public message = "DeFi\u200bRocks"; // contains zero-width space
}
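A sketch of the kind of scan described above, added here as an illustration and not the detector's own code. It flags both raw non-ASCII characters and `\uNNNN` escapes, since the snippet's zero-width space is written as an escape and a raw-byte search would miss it. The names `SAMPLE`, `classify` and `scan` are assumptions, as are the two extra sample lines.

```python
import re
import unicodedata

# Constructed sample: line 3 is the page's declaration (escape form); lines 4-5
# are assumed variants holding a raw U+200B and a raw Cyrillic "a" (U+0430).
SAMPLE = (
    'pragma solidity ^0.8.25;\n'
    'contract UnicodeBug {\n'
    '    string public message = "DeFi\\u200bRocks";\n'
    '    string public label = unicode"DeFi\u200bRocks";\n'
    '    // p\u0430yout note\n'
    '}\n'
)

ESCAPE = re.compile(r'\\u([0-9a-fA-F]{4})')  # Solidity \uNNNN string escape


def classify(ch):
    """Return a label for a non-ASCII character, or None for plain ASCII."""
    if ord(ch) < 0x80:
        return None
    cat = unicodedata.category(ch)
    if cat == "Cf":  # format chars: zero-width space/joiners, bidi controls
        return "invisible-or-bidi"
    if cat.startswith("Z"):  # space and line/paragraph separators
        return "non-ascii-space"
    if cat.startswith("L"):  # letters from other scripts, possible homoglyphs
        return "non-ascii-letter"
    return "non-ascii"


def scan(source):
    """Return (line, column, code point, label, form) for each finding."""
    findings = []
    for lineno, line in enumerate(source.split("\n"), 1):
        for col, ch in enumerate(line, 1):  # characters stored raw in the file
            label = classify(ch)
            if label:
                findings.append((lineno, col, f"U+{ord(ch):04X}", label, "raw"))
        for m in ESCAPE.finditer(line):  # escapes decoded by the compiler
            label = classify(chr(int(m.group(1), 16)))
            if label:
                cp = f"U+{m.group(1).upper()}"
                findings.append((lineno, m.start() + 1, cp, label, "escape"))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

The escape pattern also matches a `\u` sequence preceded by an escaped backslash, so a hit in `escape` form should be confirmed against the literal before it is reported.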
Why it matters on EVM
Sneaky Unicode characters can make audits harder and disguise malicious behavior in seemingly innocuous code.