🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Unprotected Selfdestruct

Unprotected selfdestruct happens when due to missing or insufficient access controls, adversaries can self-destruct the contract. The selfdestruct(address) function removes all bytecode from the contract address and sends all ether stored to the specified address. If this specified address is also a contract, no functions (including the fallback) get called.

SWC-106 - Unprotected SELFDESTRUCT Instruction

Remediation

  • Consider removing the self-destruct functionality unless it is absolutely required.

Metadata

  • Severity: high
  • Slug: unprotected-selfdestruct

CWEs

  • 284: Improper Access Control

Available Labs

Open Solidity labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.