Last updated: March 11, 2025

SCWE-072: Use of Deprecated Solidity Functions

Stable Version v0.0.1

This content is in the version-(v0.0.1) and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Relationships¶

CWE-676: Use of a Dangerous Function
https://cwe.mitre.org/data/definitions/676.html

Description¶

Some Solidity functions and features have been deprecated over time due to security risks, inefficiencies, or better alternatives being introduced in newer versions of Solidity. Using deprecated functions can expose contracts to known vulnerabilities and potential attacks. Examples include suicide(), which was replaced by selfdestruct(), and sha3(), which was replaced by keccak256().

Remediation¶

Always check the Solidity documentation to ensure that the functions you're using are not deprecated. If a function is deprecated, replace it with its recommended alternative to maintain the contract’s security and ensure compatibility with future Solidity versions.

Vulnerable Contract Example¶

contract Example {
    function oldFunction() public {
        // Using deprecated function `suicide`
        suicide(msg.sender);  // Deprecated, should be replaced with `selfdestruct`
    }
}

Fixed Contract Example¶

contract Example {
    function oldFunction() public {
        // Correctly using the recommended alternative `selfdestruct`
        selfdestruct(payable(msg.sender));  // Replacing deprecated `suicide` with `selfdestruct`
    }
}