Self Destruct
What it detects
This detector identifies any usage of the selfdestruct opcode. Removing contract code is irreversible and can lead to lost functionality or funds. Often, selfdestruct is left callable after deployment by mistake.
Typical symptoms
- Function contains selfdestruct without restriction
- Selfdestruct reachable through proxies or upgrade logic
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract Example {
    function kill() external {
        // No access restriction: any caller can destroy the contract
        // and receive its balance
        selfdestruct(payable(msg.sender));
    }
}
Why it matters on EVM
Once executed, selfdestruct removes contract code and can forward its balance. Uncontrolled access may permanently cripple a protocol.
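
Bytecode-level check
The following is an added example, not the detector's own code: a linear sweep that reports the selfdestruct opcode (0xff) in EVM bytecode while skipping PUSH immediates, which a plain byte search would misreport. The function names and sample bytecode are constructed for illustration.

```python
# Added example (not the detector's own code): linear sweep over EVM bytecode.
SELFDESTRUCT = 0xFF
PUSH1, PUSH32 = 0x60, 0x7F  # PUSHn carries n immediate data bytes


def _to_bytes(bytecode_hex: str) -> bytes:
    text = bytecode_hex.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    return bytes.fromhex(text)


def naive_hits(bytecode_hex: str) -> list:
    """Every 0xff byte, including ones that are only PUSH data."""
    return [i for i, b in enumerate(_to_bytes(bytecode_hex)) if b == SELFDESTRUCT]


def find_selfdestruct(bytecode_hex: str) -> list:
    """Offsets where 0xff is decoded as an instruction.

    Limitation: a linear sweep also decodes embedded data and the compiler
    metadata trailer as instructions, and it does not prove reachability.
    """
    code = _to_bytes(bytecode_hex)
    offsets, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == SELFDESTRUCT:
            offsets.append(pc)
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the immediate bytes
        pc += 1
    return offsets


# Constructed sample bytecode, not taken from any deployed contract.
SAMPLES = {
    "caller_selfdestruct": "0x33ff",               # CALLER, SELFDESTRUCT
    "push1_ff_only": "0x60ff600052",               # PUSH1 0xff, PUSH1 0, MSTORE
    "push32_then_kill": "0x7f" + "ff" * 32 + "33ff",
}

if __name__ == "__main__":
    for name, hexcode in SAMPLES.items():
        print(name, "naive:", len(naive_hits(hexcode)),
              "decoded:", find_selfdestruct(hexcode))
```

A hit from this sweep is a starting point for review of who can reach the instruction, not proof that it is callable.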