What is selfdestruct? Selfdestruct is a keyword that is used to terminate a contract, remove the bytecode from the Ethereum blockchain, and send any contract funds to a specified address. Selfdestruct originated in when the Ethereum blockchain and decentralized organizations DAOs were in their formative stages.
One of the earliest DAOs lost 3. The attack continued for days due to the immutability of Solidity contracts. Therefore, selfdestruct was created to serve as an exit door in case of security threats. Why is selfdestruct considered a sensible security practice? Including a selfdestruct function in your contract is a sensible security practice as it safeguards contract funds against malicious attacks.
For instance, using the selfdestruct function in the DAO attack could have resulted in a faster resolution, minimal loss of funds, and immediate protection against further exploits. Why do developers use the selfdestruct function? Developers use the selfdestruct function primarily to improve smart contract code security, clean up unused contracts and transfer Ethereum assets quickly.
Selfdestruct is helpful when developers need to upgrade smart contracts. For instance, the ERC framework is the standard implementation for all fungible tokens on Ethereum for the purpose of interoperability. Any token that does not interface with the ERC standard will have difficulty interacting with other contracts.
In such cases, developers will change to a new contract instead of upgrading the current contract. Thus, they can use the selfdestruct function to extract funds from the current contract and build a new contract with the required functionalities. Developers also use the selfdestruct function to safeguard against potential security threats.
According to the same selfdestruct smart contract report , when developers find security flaws in their contracts, a selfdestruct function helps them immediately terminate the flawed contract and replace it with a secure contract. What are the disadvantages of using selfdestruct? The disadvantages of the selfdestruct function are that all transferable funds should be in ETH and any funds sent to the contract after it is destroyed are lost.
Typically, selfdestruct functions are called by developers who fail to communicate about it on time. Even when a team communicates the update, it does not circulate fast enough. In such a case, the funds are lost. Once selfdestruct is called, these assets can never be recovered. Why is selfdestruct considered a double-edged sword function? The selfdestruct function is a double-edged sword because it gives away the power to the core team to modify immutable contracts even after they have been deployed.
Since the developers have access to the contract, they can call the selfdestruct function and direct the funds to their personal wallets. Therefore, some protocol users and developers have expressed mixed feelings about using the selfdestruct function. Secondly, the main intent behind using the selfdestruct keyword in a contract is to provide an escape route during hacks or to replace it with a better contract. However, malicious actors can use this as an exploit.
How does selfdestruct work? This was quickly fixed with nonces. However, the addition of nonces removed all hope of EOAs being deleted: the nonce could not be reset to zero. However, by then it was clear that almost no contract developers were actually using the self-destruct feature: figuring out when to self-destruct is too hard and the rewards are too little. By , it has become clear that we need some other form of state management, whether rent or "expiring" long-untouched parts of the tree aka "partial statelessness".
It breaks some important invariants that would be nice to have, that we cannot have because of this one single opcode. In the present tree construction, this is bearable. Furthermore, it makes it difficult to move to a different state storage format in the future.
It makes it easier to build applications that depend on calling contracts that have already been deployed. Account abstraction greatly relies on this invariant if we want abstracted accounts to be able to call libraries. The only opcode that breaks the code immutability invariant and indeed, was responsible for the demise of the Parity multisig is
Useful phrase beyond bitcoin the economics of digital currencies where
INVESTING BASICS INDIA
They are worried that they might misuse the Selfdestruct function, and lead to the bugs. Reason 5: Additional Complexity. Reason 6: Additional Financial Risk. Risk of Ether loss after destroying the contract is also a concern for the developers. According to our survey feedback, we find that the Selfdestruct function might be risky for both contract developers and contract users. For contract developers, they need to pay more effort to ensure only specific people have permission to call the function, which might increase the cost of development.
Besides, how to ensure no one will send Ethers to the self-destructed contract is also a big question. For contract users, their balance might be stolen by the contract owners, as the owners have the ability to transfer all the Ethers.
RQ2: Reasons for Self-destruct 4. Motivation In RQ1, we found that Therefore, by comparing the difference between the two versions of the contract, we can find the reasons why contracts destructed. Consider the following scenario. Bob is a smart contract developer. He developed a smart contract several weeks ago, and his company uses this contract to receive money from other companies.
Therefore, Bob has to destroy the contract by involving Selfdestruct function and deploy a new contract to the blockchain. The new contract adds a permission check to avoid this vulnerability. Bob and his colleagues try their best to inform other companies not to transfer Ethers to the self-destruct contract anymore.
However, it requires a long time to inform all companies. Many users still transfer Ethers to the self-destruct contract, and all the Ethers send to the contract are lost forever. From this scenario, we see that calling the Selfdestruct function may lead to great financial loss. Therefore, we should try to make contracts robust. In this section, we compare the self-destruct contracts and their successor contracts to summarize reasons why contracts destructed. The reasons we identify can guide smart contract developers and help them refine their contracts.
Approach Figure 1. Overview architecture of finding the self-destruct reasons Figure 1 depicts the detailed steps to identify the reasons why some smart contracts have been destructed. Our method consists of three stages. In the first stage, we crawl all verified contracts and their transactions from Etherscan. We crawled 54, smart contracts altogether.
We found that 2, 5. In this case, we can find smart contracts that are created by the same authors. Then, we compute the code similarity of contracts in each group to find self-destruct contracts also called predecessor contracts and their successor contracts. In the last stage, we compare the difference of predecessor contracts and their successor contracts by using open card sorting. Finally, we summarized 6 reasons why contracts had been destructed. Stage 1. Data Collection: Stage 1 is used to collect data for the following two stages.
Our data contains three parts, i. Verified Contracts: Verified contracts are crawled from Etherscan. To crawl the source code of verified smart contracts from Etherscan, we first need to know the contract addresses of verified contracts.
Figure 2 is a smart contract on Etherscan. By obtaining the contract address, we can easily download the source code, transactions ,and other information of the contract. However, Etherscan only shows the last verified contract addresses since Jan. The data used in this paper are crawled before Jan. We finally obtained 54, verified contract addresses by the time of writing.
After obtaining the contract addresses, we can crawl the source code from Etherscan directly. Figure 2. A smart contract on Etherscan Self-destruct Contracts: Finding whether a verified smart contract has been self-destructed is straightforward. If a contract has self-destructed, there will be a label self destruct given on Etherscan see Figure 2.
We found self-destruct contracts from 54, verified smart contracts. Figure 3. Transactions of a Self-destruct Contract Transactions: Transactions on Ethereum record the information of the external world interacting with the Ethereum network. All the transactions can be found on Etherscan.
We collect all , transactions of 54, verified smart contracts. Figure 3 is the transactions of a self-destruct contract. In the first transaction, we can find who deployed the contract creator and we can find who destructed the contract destructor in the last transaction. Stage 2. Step 2. In this step, we inspect the first transaction of each smart contract as the first transaction contains the creator address and creation time.
Then, we classify the contracts into several groups according to their creator addresses. If two contracts have the same creator address, they will be classified into the same group. We only choose groups that contain self-destruct contracts. Then, we can obtain several pairs; each pair is consisted of a self-destruct contract and a live contract. For example, one group contains five contracts, they are contract a,b,c,d,e and these five contracts are ranked by creation time.
Contract b and d are the self-destruct contact in these five contracts. Finally, we output four pairs, i. SmartEmbed smartembed, ; gaochecking, is the only tool that uses code embedding to find clone-related bugs in smart contracts, see Section 7.
Although the tool is aimed at finding bugs, their first step computes code similarity between the given smart contract and history contracts. We modified the source code of SmartEmbed to compute the similarity between two contracts. If their similarity is larger than 0. We also called this self-destruct contract as the predecessor contract of the successor contract.
We note that 0. According to this information, we propose a method to find the self-destructed contracts also called predecessor contracts and their updated version successor contracts by computing the code similarity. By analyzing the difference between the predecessor contracts and their successor contracts, we found five reasons that led to the death of the contracts; two of them i.
We developed a tool named LifeScope to detect these problems. In terms of Limits of Permission, LifeScope achieves According to the feedback of developers who exclude selfdestruct functions, we propose suggestions to help developers use selfdestruct functions in Ethereum smart contracts better.
Ethereum contract self destruct kleinbettingen commune ixelles
Selfdestruct Attack - Smart Contract
