Incorrect Function Visibility
What it detects
A function marked public or external when it should be internal can expose sensitive logic. Conversely, marking a function private prevents derived contracts from overriding it. This detector highlights mismatched visibility that could enable abuse or hinder upgrades.
Typical symptoms
- State-changing helpers declared public
- Expected overrides not possible due to private
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract VisibilityIssue {
    // Should be internal
    function update(uint256 x) public {
        // ...
    }
}
Why it matters on EVM
Incorrect visibility can give attackers entry points or break inheritance patterns, leading to unexpected behaviors and vulnerabilities.
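
Both symptoms side by side with a corrected form, as an added example that is not part of the original detector documentation. The contract and function names (VaultBefore, VaultAfter, StrictVault, _applyLimit, _validate, setLimit) and the limit values are hypothetical.

```solidity
pragma solidity ^0.8.25;

// Added example; all names below are hypothetical.
// Before: both visibility mismatches the detector reports.
contract VaultBefore {
    address public owner = msg.sender;
    uint256 public limit;

    // State-changing helper left public: callable directly, skipping setLimit()'s owner check.
    function _applyLimit(uint256 x) public {
        limit = x;
    }

    // private: derived contracts can neither call nor override this hook.
    function _validate(uint256 x) private pure {
        require(x <= 1_000, "limit too high");
    }

    function setLimit(uint256 x) external {
        require(msg.sender == owner, "not owner");
        _validate(x);
        _applyLimit(x);
    }
}

// After: the helper is internal, the hook is internal and virtual.
contract VaultAfter {
    address public owner = msg.sender;
    uint256 public limit;

    function _applyLimit(uint256 x) internal {
        limit = x;
    }

    function _validate(uint256 x) internal pure virtual {
        require(x <= 1_000, "limit too high");
    }

    function setLimit(uint256 x) external {
        require(msg.sender == owner, "not owner");
        _validate(x);
        _applyLimit(x);
    }
}

// A derived contract can now tighten the check without touching the base.
contract StrictVault is VaultAfter {
    function _validate(uint256 x) internal pure override {
        require(x <= 100, "limit too high");
    }
}
```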