Unprotected Critical Function

This vulnerability category covers the following issues:

Suicide
Multiple Sends

Suicide

Why is this important?

Due to missing or insufficient access controls, malicious parties can self-destruct the contract.

Securing Critical Functions

Option A: Remove the Unprotected Self Destruct Function

Go through the issues that GuardRails identified in the PR.
Identify the code that looks like this:

  contract SimpleSuicide {
    function sudicideAnyone() {
      selfdestruct(msg.sender);
    }
  }

Remove the unprotected selfdestruct call.
Test it
Ship it 🚢 and relax 🌴

More information:

Smart Contract Weakness Classification (SWC 106)
Common Weakness Enumeration (CWE-284)
Parity Wallet Issue
Original Parity Wallet Bug

Multiple Sends

Why is this important?

External calls can fail accidentally or deliberately. To minimize the damage caused by such failures, it is better to isolate each external call into its own transaction that can be initiated by the recipient of the call. This is especially relevant for payments, where it is better to let users withdraw funds rather than push funds to them automatically.

More information:

Smart Contract Weakness Classification (SWC 113)
Common Weakness Enumeration (CWE-400)
Smart Contract Best Practices - Pull Over Push

GuardRails

General

C/C++

Elixir

Go

Java

Javascript/TypeScript

Kubernetes

PHP

Python

Ruby

Rust

Solidity

Terraform

Unprotected Critical Function

Suicide

Why is this important?

Securing Critical Functions

Option A: Remove the Unprotected Self Destruct Function

More information:

Multiple Sends

Why is this important?

More information: