Unprotected Critical Function
This vulnerability category covers the following issues:
Suicide
Why is this important?
Due to missing or insufficient access controls, malicious parties can self-destruct the contract.
Securing Critical Functions
Option A: Remove the Unprotected Self Destruct Function
Go through the issues that GuardRails identified in the PR/MR
Identify the code that looks like this:
    contract SimpleSuicide {
        // No access control: any caller can destroy the contract
        // and receive its remaining balance.
        function sudicideAnyone() {
            selfdestruct(msg.sender);
        }
    }
Remove the unprotected selfdestruct call
Test it
Ship it 🚢 and relax 🌴
More information:
- Smart Contract Weakness Classification (SWC 106)
- Common Weakness Enumeration (CWE-284)
- Parity Wallet Issue
- Original Parity Wallet Bug
Multiple Sends
Why is this important?
External calls can fail accidentally or deliberately. To minimize the damage caused by such failures, it is better to isolate each external call into its own transaction that can be initiated by the recipient of the call. This is especially relevant for payments, where it is better to let users withdraw funds rather than push funds to them automatically.
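The push and pull payment styles described above, side by side. This is an added example, not code from the original page or from GuardRails; the contract and function names (PushPayout, PullPayout, register, payAll, withdraw) are hypothetical, and Solidity 0.8 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contracts for illustration only.

// Weak: pushes funds to every recipient inside one transaction.
contract PushPayout {
    address payable[] public recipients;
    mapping(address => uint256) public owed;
    mapping(address => bool) private known;

    function register() external payable {
        require(msg.value > 0, "no value sent");
        if (!known[msg.sender]) {
            known[msg.sender] = true;
            recipients.push(payable(msg.sender));
        }
        owed[msg.sender] += msg.value;
    }

    // A single recipient whose receive/fallback reverts makes the whole
    // loop revert, so nobody in the list gets paid.
    function payAll() external {
        for (uint256 i = 0; i < recipients.length; i++) {
            address payable to = recipients[i];
            uint256 amount = owed[to];
            owed[to] = 0;
            (bool ok, ) = to.call{value: amount}("");
            require(ok, "send failed");
        }
    }
}

// Corrected: each recipient pulls their own balance in their own transaction.
contract PullPayout {
    mapping(address => uint256) public owed;

    function register() external payable {
        owed[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // update state before the external call
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed"); // only this caller's withdrawal reverts
    }
}
```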