Unprotected Selfdestruct

Unprotected selfdestruct happens when due to missing or insufficient access controls, adversaries can self-destruct the contract. The selfdestruct(address) function removes all bytecode from the contract address and sends all ether stored to the specified address. If this specified address is also a contract, no functions (including the fallback) get called.

SWC-106 - Unprotected SELFDESTRUCT Instruction

Remediation

Consider removing the self-destruct functionality unless it is absolutely required.

Metadata

Severity: high
Slug: unprotected-selfdestruct

CWEs

284: Improper Access Control

Available Labs

Open Solidity labs in SecDim Play for this vulnerability.

easy

Edgeware.sol

Solidity Easy Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.