26 Apr, 2023

Unprotected SELFDESTRUCT Instruction (SWC-106)

Description

SWC-106 describes a contract that can be destroyed by a malicious party because access controls on its self-destruct path are missing or insufficient. The attacker destroys the contract by triggering the selfdestruct call with their own address as the recipient.

In Solidity, selfdestruct transfers the contract's remaining balance to an arbitrary address and then destroys the contract. It is meant to be used by the owner of the contract, but if the function that reaches it has no proper access controls, any account can call that function and destroy the contract, which could result in a complete loss of funds.

To mitigate this vulnerability, access controls should be implemented to restrict the use of the selfdestruct function to only authorized accounts. This can be done by implementing checks in the contract to ensure that only specific accounts are allowed to call this function, or by using the onlyOwner modifier in the contract to ensure that only the owner of the contract can call it. Additionally, contracts that do not require the use of the selfdestruct function should not include it at all, to minimize the potential attack surface.

Remediation

The self-destruct function in Solidity allows a contract to be removed from the blockchain, freeing up storage and preventing it from consuming gas in the future. However, this function can be misused by malicious actors to destroy a contract without permission, causing permanent loss of data and assets.

To mitigate this vulnerability, one solution is to remove the self-destruct function entirely unless it is absolutely necessary for the intended functionality of the contract. If it is necessary, a multisig scheme can be implemented to require multiple parties to approve the self-destruct action. This would prevent a single malicious actor from executing the self-destruct function and destroying the contract.

A multisig scheme involves creating a contract that requires a specified number of signatures from different parties before a transaction can be executed. In the case of a self-destruct function, the multisig contract would require a predetermined number of signatures from authorized parties before allowing the self-destruct to be executed. This adds an extra layer of security and makes it more difficult for malicious actors to execute the self-destruct function without authorization.
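
The multisig gate described above, as an added example (not code from this page or from any project); the contract, function and event names are hypothetical, and it targets Solidity ^0.8.0 rather than the 0.4.x used in the samples on this page:

```solidity
pragma solidity ^0.8.0;
// Added example: M-of-N approval gate in front of selfdestruct (all names hypothetical).
contract GuardedDestruct {
    mapping(address => bool) public isSigner;
    mapping(address => bool) public approved;
    uint256 public threshold;      // approvals required before destroy() succeeds
    uint256 public approvalCount;  // approvals currently recorded
    address payable public immutable beneficiary; // fixed at deployment

    event ApprovalChanged(address indexed signer, bool approved, uint256 approvals);

    modifier onlySigner() {
        require(isSigner[msg.sender], "not a signer");
        _;
    }

    constructor(address[] memory signers, uint256 threshold_, address payable beneficiary_) {
        require(threshold_ > 0 && threshold_ <= signers.length, "bad threshold");
        require(beneficiary_ != address(0), "zero beneficiary");
        for (uint256 i = 0; i < signers.length; i++) {
            // Reject duplicates so the threshold counts distinct parties.
            require(signers[i] != address(0) && !isSigner[signers[i]], "bad signer");
            isSigner[signers[i]] = true;
        }
        threshold = threshold_;
        beneficiary = beneficiary_;
    }

    function approveDestroy() external onlySigner {
        require(!approved[msg.sender], "already approved");
        approved[msg.sender] = true;
        approvalCount += 1;
        emit ApprovalChanged(msg.sender, true, approvalCount);
    }

    function revokeApproval() external onlySigner {
        require(approved[msg.sender], "no approval to revoke");
        approved[msg.sender] = false;
        approvalCount -= 1;
        emit ApprovalChanged(msg.sender, false, approvalCount);
    }

    // Reachable only by a signer and only once the threshold is met;
    // funds go to the fixed beneficiary, never to msg.sender.
    function destroy() external onlySigner {
        require(approvalCount >= threshold, "not enough approvals");
        selfdestruct(beneficiary);
    }
}
```

On solc 0.8.18 and later, `selfdestruct` compiles with a deprecation warning.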

Overall, it is important for developers to carefully consider the necessity of the self-destruct function in their contracts and implement appropriate access controls and security measures to prevent unauthorized access to this functionality.

Contract Samples

Code with a vulnerability

				
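pragma solidity ^0.4.23;

contract SuicideMultiTxFeasible {
    uint256 private initialized = 0;
    uint256 public count = 1;

    // Callable by any account: sets the flag that run() checks.
    function init() public {
        initialized = 1;
    }

    // No access control: once init() has been called, any caller can
    // destroy the contract and receive its remaining balance.
    function run(uint256 input) public {
        if (initialized == 0) {
            return;
        }
        selfdestruct(msg.sender);
    }
}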

				
			

Code without a vulnerability

				
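pragma solidity ^0.4.23;

contract SuicideMultiTxFeasible {
    uint256 private initialized = 0;
    uint256 public count = 1;

    function init() public {
        initialized = 1;
    }

    // selfdestruct is unreachable here: init() only ever sets initialized
    // to 1, so the check below always returns early.
    function run(uint256 input) public {
        if (initialized != 2) {
            return;
        }
        selfdestruct(msg.sender);
    }
}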

				
			

Tools for scanning SWC-106

1. Mythril: It is a popular open-source tool that can analyze Solidity code to detect various vulnerabilities, including SWC-106.

2. SmartCheck: It is a smart contract security analysis tool that uses symbolic execution to identify vulnerabilities, including SWC-106.

3. Slither: It is another open-source tool that can detect various security issues in Solidity code, including the SWC-106 vulnerability.

4. Securify: It is a security scanner that uses a combination of static and dynamic analysis to identify vulnerabilities in smart contracts, including SWC-106.

Common Weakness Enumeration (CWE)

CWE-284: Improper Access Control

Mitigation for SWC-106

To mitigate SWC-106, it is recommended to remove the self-destruct functionality unless it is absolutely required. If self-destruct is necessary, it is recommended to implement a multi-signature scheme, where multiple parties must approve the self-destruct action.

Additionally, it is important to implement proper access controls to ensure that only authorized parties can call the self-destruct function. This can be done by using modifiers such as onlyOwner or onlyAuthorized. It is also recommended to limit the scope of the self-destruct function by only allowing it to be called under certain conditions or within a specific time period.

Furthermore, it is important to thoroughly test the smart contract for vulnerabilities and to conduct regular security audits to identify and fix any potential vulnerabilities. Using tools such as automated vulnerability scanners and manual code reviews can also help to identify potential vulnerabilities.

Conclusion

As a result of missing or inadequate access controls, SWC-106 is a vulnerability that enables hostile parties to self-destruct a contract. It is advised to disable the self-destruct capability unless it is absolutely necessary in order to prevent this issue. A multisig scheme should be deployed if there is a legitimate use-case such that many parties must consent to the self-destruct operation.

When including self-destruct capability in their contracts, developers should carefully evaluate the access restrictions and possible repercussions and put in place the necessary safeguards to avoid unauthorised access or misuse. Code reviews and security audits can also be beneficial in locating and resolving vulnerabilities like SWC-106.
