Skip to content
Last updated: February 09, 2026

SCWE-072: Use of Deprecated Solidity Functions

Stable Version v1.0

This content is in the version-(v1.0) and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Relationships

Description

Some Solidity functions and features have been deprecated over time due to security risks, inefficiencies, or better alternatives being introduced in newer versions of Solidity. Using deprecated functions can expose contracts to known vulnerabilities and potential attacks. Examples include suicide(), which was replaced by selfdestruct(), and sha3(), which was replaced by keccak256().

Remediation

Always check the Solidity documentation to ensure that the functions you're using are not deprecated. If a function is deprecated, replace it with its recommended alternative to maintain the contract's security and ensure compatibility with future Solidity versions. Note: As of EIP-6049 (Solidity 0.8.24+), selfdestruct is deprecated and will be removed in a future EVM version.

Vulnerable Contract Example

pragma solidity ^0.8.0;

contract Example {
    function oldFunction() public {
        // Using deprecated function `suicide`
        suicide(msg.sender);  // Deprecated, should be replaced with `selfdestruct`
    }
}

Fixed Contract Example

pragma solidity ^0.8.0;

contract Example {
    function oldFunction() public {
        // Correctly using the recommended alternative `selfdestruct` (deprecated per EIP-6049; prefer migration patterns)
        selfdestruct(payable(msg.sender));  // Replacing deprecated `suicide` with `selfdestruct`
    }
}