SCWE-117: Proxy Implementation Selfdestruct Exposure
Stable Version v1.0
This content is in version v1.0 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).
Relationships
- CWE-284: Improper Access Control
https://cwe.mitre.org/data/definitions/284.html
Description
If the proxy’s implementation contract exposes selfdestruct (or SELFDESTRUCT reachable through a function), an attacker or careless admin can destroy the implementation. The proxy then points to a non-existent code address, bricking upgrades or locking funds.
Remediation
- Remove or disable selfdestruct in implementations; use disableInitializers() patterns.
- Gate any destruct-like functionality behind timelock + multisig and migration plans.
- Monitor implementation addresses and block upgrades that reduce code size to zero.
Examples
Vulnerable
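```solidity
pragma solidity ^0.8.0;

// Implementation contract that sits behind a proxy.
contract Impl {
    // Vulnerable: no access control, so any caller can destroy the implementation.
    function kill() external {
        selfdestruct(payable(msg.sender));
    }
}
```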
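A hardened counterpart to the contract above, added here as an illustration and not part of the original SCWE entry: the implementation exposes no destruct path and locks its own initializer, and a minimal proxy refuses upgrades to addresses that hold no code. ImplFixed, GuardedProxy and the admin address (assumed to be a timelock controlled by a multisig) are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1; // address.code.length needs 0.8.1 or later

// Hardened implementation: no selfdestruct, no delegatecall to caller-supplied targets.
contract ImplFixed {
    address public owner;
    bool private initialized;
    // Locks initialize() in the implementation's own storage
    // (hand-rolled stand-in for the disableInitializers() pattern).
    constructor() { initialized = true; }
    // Called once through the proxy, whose storage has initialized == false.
    function initialize(address owner_) external {
        require(!initialized, "already initialized");
        initialized = true;
        owner = owner_;
    }
}

// Hypothetical minimal proxy: admin-only upgrades that reject code-less targets.
contract GuardedProxy {
    // EIP-1967 implementation slot
    bytes32 private constant IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    address private immutable admin; // assumption: a timelock owned by a multisig

    constructor(address impl, address admin_) {
        admin = admin_;
        _setImplementation(impl);
    }
    function upgradeTo(address newImpl) external {
        require(msg.sender == admin, "not admin");
        _setImplementation(newImpl);
    }
    function _setImplementation(address newImpl) private {
        // Never point the proxy at an address that holds no code.
        require(newImpl.code.length > 0, "implementation has no code");
        bytes32 slot = IMPL_SLOT;
        assembly { sstore(slot, newImpl) }
    }
    fallback() external payable {
        bytes32 slot = IMPL_SLOT;
        address impl;
        assembly { impl := sload(slot) }
        (bool ok, bytes memory ret) = impl.delegatecall(msg.data);
        assembly {
            if iszero(ok) { revert(add(ret, 32), mload(ret)) }
            return(add(ret, 32), mload(ret))
        }
    }
}
```

The code-size check runs only at upgrade time, so it complements removing selfdestruct from the implementation and does not replace it.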