Ethereum

🚨  DEVELOPER POST ALERT 🚨

After reading about the vulnerability issues with the SELFDESTRUCT opcode in Solidity several times, I wondered - why does this opcode even exist, who uses it and for what? 🤔

Here’s what I discovered:

TL;DR: SELFDESTRUCT was initially designed for storage management but nowadays for these reasons pretty much obsolete. The opcode has been used by some projects to upgrade code in place, however, there are other solutions for this specific use case. Given the violation of invariants that come with SELFDESTRUCT and the risks associated with that will likely result in the elimination of the opcode SELFDESTRUCT in future upgrades of Ethereum.

Read on for more details 👇

Over time, the reasons for SELFDESTRUCT have become outdated. Modern state management techniques and more secure patterns for upgrading contracts have emerged, making the opcode’s original purpose largely unnecessary. Although it’s still used in some specific cases these projects can be upgraded to also work without the current functionality of SELFDESTRUCT.

Given these issues, there are strong arguments (and proposals) for either removing SELFDESTRUCT altogether (EIP-4758) or significantly altering its behavior to mitigate its risks while preserving essential functionalities (EIP-6780). These changes would help protect the Ethereum ecosystem from potential vulnerabilities, give more flexibility in storage management of Ethereum, and simplify the development of more secure smart contracts.

If you want to read more about it, check out these articles:

If you want to read more about it, check out these articles:

https://hackmd.io/@vbuterin/selfdestruct

https://dedaub.com/audits/ethereum-foundation/ef-removal-of-selfdestruct-study-may-23-2023/

The SELFDESTRUCT opcode was introduced initially as a way to manage the blockchain’s state by allowing contracts to delete themselves, freeing up storage and returning a portion of gas costs. However, as the ecosystem evolved, it became clear that SELFDESTRUCT often causes more problems than it solves. It’s the only opcode that can break critical guarantees in Ethereum, such as ensuring that once a piece of code is deployed at an address, it remains unchanged, and that account balances can't be altered without the account’s involvement. While the first is typically used in upgrade patterns to replace old code, the latter is often mentioned as a vulnerability as calling SELFDESTRUCT can forcefully push Ether to another contract.