🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Unprotected Selfdestruct

Unprotected selfdestruct happens when due to missing or insufficient access controls, adversaries can self-destruct the contract. The selfdestruct(address) function removes all bytecode from the contract address and sends all ether stored to the specified address. If this specified address is also a contract, no functions (including the fallback) get called.

SWC-106 - Unprotected SELFDESTRUCT Instruction

Remediation

  • Consider removing the self-destruct functionality unless it is absolutely required.

Metadata

  • Severity: high
  • Slug: unprotected-selfdestruct

CWEs

  • 284: Improper Access Control

Available Labs

Select a language to explore available labs for this vulnerability.

No matching labs found

Try adjusting your language filter.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.