Skip to main content

Unprotected self destruct

What it does

It warns you if terminate_contract function is called without previously checking the address of the caller.

Why is this bad?

If users are allowed to call terminate_contract, they can intentionally or accidentally destroy the contract, leading to the loss of all associated data and functionalities given by this contract or by others that depend on it.

Example

    #[ink(message)]
    pub fn delete_contract(&mut self, beneficiary: AccountId) {
        self.env().terminate_contract(beneficiary)
    }

Use instead:

pub fn delete_contract(&mut self, beneficiary: AccountId) {
        if self.admin == self.env().caller() {
            self.env().terminate_contract(beneficiary)
        }
    }

Implementation

The detector's implementation can be found at this link.