Unrestricted Contract Destruction
Description
The contract can be destructed by anyone, which may lead to unintended behavior or security vulnerabilities. This is because the contract's selfdestruct function is accessible to any user, potentially allowing an attacker to destroy the contract and steal or disrupt its functionality.
Examples
Insecure Code
solidity
function destroy() public { selfdestruct(msg.sender); }Secure Code
solidity
function destroy() public { require(msg.sender == owner, 'Only the owner can destroy the contract'); selfdestruct(msg.sender); }Remediation
Add proper access control to restrict the selfdestruct function to only authorized users, such as the contract owner.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0679 |
| Category | AccessControl |
| Severity | CRITICAL |
| CWE | CWE-284 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | smart contract, access control |
| OWASP | N/A |