Tautological Compare
Detects comparisons that are always true or always false due to type constraints, rendering conditional logic dead.
Tautological Compare
Overview
The tautological compare detector identifies conditional expressions whose result is known at compile time due to type constraints. The most common case is uint >= 0, which is always true because unsigned integers cannot be negative. This typically indicates a logic error — the developer intended a meaningful check (e.g., > 0 or >= minAmount) but wrote a condition that provides no protection.
Why This Is an Issue
A tautological condition means the guard does not filter any inputs. If the developer wrote require(amount >= 0) intending to reject zero amounts, the check passes for all inputs including zero. Similarly, require(uint8_var <= 255) is always true and does not validate the variable’s range. The code compiles and runs without error, but the intended validation is absent.
How to Resolve
// Before: Tautological — uint is always >= 0
require(amount >= 0, "Negative amount");
// After: Fixed — meaningful check
require(amount > 0, "Zero amount");
// Before: Tautological — uint8 is always <= 255
require(smallValue <= 255, "Too large");
// After: Fixed — use actual bound
require(smallValue <= MAX_ALLOWED, "Exceeds limit");Detection Methodology
- Comparison extraction: Identifies comparison opcodes (LT, GT, SLT, SGT, EQ, ISZERO) and their operands.
- Type inference: Infers operand types from context (function parameters, storage loads, arithmetic results).
- Tautology detection: Checks whether the comparison result is determined by type constraints alone (e.g., unsigned value compared against 0 with
>=). - Dead branch marking: Flags the unreachable branch as dead code.
Limitations
False positives: Comparisons that appear tautological but guard against future type changes (e.g., a uint256 that might be changed to int256 in a future upgrade) may be intentional defensive coding. False negatives: Complex expressions where the tautological nature depends on multiple variable interactions may not be detected.
Related Detectors
- Business Logic Error — detects broader logic issues
- Input Validation — detects missing input validation