defirisk.co
rubric v1.7.0

SELFDESTRUCT reachable from non-admin path

A code & audits factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor detects whether any deployed contract in the protocol contains the SELFDESTRUCT opcode (0xFF) in a code path reachable from a non-admin, publicly callable (external or public) function. The assessment is purely static: a scan of the deployed bytecode for the opcode, combined with call-graph analysis of the verified source to determine whether every path to it is gated by an admin-only access-control check. Contracts where SELFDESTRUCT is reachable only through owner- or multisig-protected functions are not flagged red; they are graded on whether that admin path sits behind a timelock (see the Green / Yellow / Red thresholds below).

**Why it matters** SELFDESTRUCT in an implementation contract reachable from a public path allows an attacker to destroy the implementation, bricking every proxy that points to it. The Parity wallet freeze (not in dataset but foundational) occurred because the initWallet() function on the shared wallet library had no access control, allowing any caller to claim ownership of the library and then call kill(), permanently destroying it and making roughly $150M of funds in the dependent wallets irretrievable. Post-Dencun (EIP-6780), SELFDESTRUCT on Ethereum mainnet no longer deletes code or storage unless it executes in the same transaction that created the contract; it still forwards the contract's entire ETH balance to the caller-supplied beneficiary, so an ungated path remains a balance-drain even where it can no longer brick a proxy. The full pre-Dencun behaviour persists on EVM-compatible chains that have not adopted EIP-6780 and in any legacy deployment on such a chain.

**Green / Yellow / Red** Green: no SELFDESTRUCT opcode is present in any deployed contract, or SELFDESTRUCT is present only in code paths exclusively gated by owner or multisig access control with a timelock. Yellow: SELFDESTRUCT is present behind an admin gate but the admin gate does not require a timelock, meaning a compromised admin key could brick the protocol instantly. Red: SELFDESTRUCT is present in a code path reachable by any external caller without access control, including a check that any caller can satisfy first (the Parity pattern, where an unprotected initializer hands ownership to whoever calls it).

**Common gray cases** This factor cannot be graded (gray) when source is not verified and the bytecode disassembly is ambiguous about the conditions under which the opcode is reachable. Absence of the opcode can still be established from bytecode alone, so an unverified contract whose bytecode contains no SELFDESTRUCT does not fall into this case.

**Notable historical examples** The Parity wallet freeze ($150M locked permanently, 2017) is the foundational historical reference for this attack class.

Measurement: what to look for

Determine whether any deployed contract contains the SELFDESTRUCT opcode in a code path reachable from a non-admin caller.
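The bytecode half of this measurement, and the colour mapping from the Methodology section, as an added example that is not defirisk.co's tooling or a project's own code. It shows the two places a naive "is 0xFF in the bytecode" check goes wrong (0xFF bytes inside PUSH immediates, and inside the solc CBOR metadata trailer) and applies the rubric's thresholds to the result. All bytecode samples are constructed by hand, and the access-control flags passed to `grade_factor()` are assumptions standing in for the Slither run and manual call-graph review that the factor relies on; the function and constant names are this example's own.

```python
"""Added example (not defirisk.co's tooling): a static check for the
SELFDESTRUCT opcode in EVM runtime bytecode, plus the Green/Yellow/Red
mapping the rubric describes.  All bytecode below is constructed by hand;
the access-control flags given to grade_factor() are assumptions standing in
for the manual call-graph review the factor relies on."""

SELFDESTRUCT = 0xFF
PUSH1, PUSH32 = 0x60, 0x7F           # PUSH1..PUSH32 carry 1..32 immediate bytes
CBOR_MAP_HEADS = {0xA1, 0xA2, 0xA3}  # solc metadata trailer starts with a small CBOR map


def strip_metadata(code: bytes) -> bytes:
    """Drop the solc CBOR metadata trailer if one is present.

    solc appends `<cbor map> <2-byte big-endian length>` after the last
    opcode.  The ipfs/bzzr hash inside it is arbitrary bytes and routinely
    contains 0xFF, so scanning it as instructions yields false positives.
    The check is a heuristic: the length must fit and the map header must
    look like CBOR; bytecode without a trailer is returned unchanged.
    """
    if len(code) < 2:
        return code
    length = int.from_bytes(code[-2:], "big")
    total = length + 2
    if total <= len(code) and code[-total] in CBOR_MAP_HEADS:
        return code[:-total]
    return code


def selfdestruct_offsets(code: bytes) -> list[int]:
    """Return the program-counter offset of every SELFDESTRUCT opcode.

    Walks the instruction stream so that 0xFF bytes inside PUSH immediates
    (address masks, uint bounds, constants) are not mistaken for the opcode;
    a naive `0xFF in code` test would flag almost every contract.
    """
    found, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == SELFDESTRUCT:
            found.append(pc)
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1      # skip the immediate bytes
        pc += 1
    return found


def scan_runtime(code_hex: str) -> list[int]:
    """Presence check on hex runtime bytecode (e.g. the eth_getCode result)."""
    if code_hex.startswith(("0x", "0X")):
        code_hex = code_hex[2:]
    return selfdestruct_offsets(strip_metadata(bytes.fromhex(code_hex)))


def grade_factor(*, selfdestruct_present: bool, source_verified: bool,
                 admin_gated: bool, timelocked: bool) -> str:
    """Map the rubric's conditions to a colour.

    Absence of the opcode is decided by the bytecode alone, so it is green
    even without verified source.  Once the opcode is present, reachability
    and gating come from source/call-graph review, which is why unverified
    source is gray only in that branch.
    """
    if not selfdestruct_present:
        return "green"
    if not source_verified:
        return "gray"
    if not admin_gated:
        return "red"
    return "green" if timelocked else "yellow"


# --- constructed samples (not real deployed contracts) ----------------------
# CALLER; SELFDESTRUCT  -- the shape of an ungated kill() that pays msg.sender
KILL_TO_CALLER = bytes([0x33, SELFDESTRUCT])
# PUSH20 0xff..ff; AND; STOP -- an address mask, no SELFDESTRUCT at all
ADDRESS_MASK_ONLY = bytes([0x73]) + b"\xff" * 20 + bytes([0x16, 0x00])
# PUSH1 0; PUSH1 0; RETURN; INVALID; then a fake CBOR trailer {"test": ff ff}
_FAKE_CBOR = b"\xa1\x64test\x42\xff\xff"
WITH_METADATA_TRAILER = (bytes([0x60, 0x00, 0x60, 0x00, 0xF3, 0xFE])
                         + _FAKE_CBOR + len(_FAKE_CBOR).to_bytes(2, "big"))

if __name__ == "__main__":
    for name, code in [("kill", KILL_TO_CALLER), ("mask", ADDRESS_MASK_ONLY),
                       ("trailer", WITH_METADATA_TRAILER)]:
        print(f"{name:8s} raw={selfdestruct_offsets(code)} "
              f"clean={scan_runtime(code.hex())}")
    # Parity-style: opcode present, verified source, no access control.
    print(grade_factor(selfdestruct_present=True, source_verified=True,
                       admin_gated=False, timelocked=False))
```

The bytecode walk only establishes presence; it cannot tell an owner-gated `kill()` from an open one, which is why the rubric pairs it with Slither's `suicidal` detector (`slither <target> --detect suicidal`) on verified source and a manual read of the call graph. Running the bytecode scan against `eth_getCode` output is still worth doing on verified contracts, because it checks that the source you reviewed is what is actually deployed behind the proxy.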

Data & output

Data source: Slither `suicidal` detector + manual call-graph review on Etherscan-verified source
Output format: Green / Yellow / Red
Evidence artifact: Slither output JSON + contract address + function path to SELFDESTRUCT if found
Confidence signal: green = SELFDESTRUCT absent or gated behind admin-only path with timelock; yellow = SELFDESTRUCT behind admin-only path but no timelock; red = SELFDESTRUCT reachable from non-admin path; gray = source unverified

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-011 |
|---|---|---|
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | gray |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | not_applicable |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | green |
| BENQI | avalanche | yellow |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | gray |
| Cap (cUSD / stcUSD) | ethereum | green |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | green |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | green |
| crvUSD (Curve Stablecoin) | ethereum | not_applicable |
| Curve Finance | ethereum | green |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | not_applicable |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | green |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | green |
| Hyperlane | ethereum | green |
| Hyperliquid | arbitrum | green |
| Jito | solana | not_applicable |
| Jupiter | solana | not_applicable |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | not_applicable |
| Kinetiq | hyperliquid | green |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | green |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | green |
| Maple Finance | ethereum | green |
| Marinade Finance | solana | not_applicable |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | green |
| Midas | ethereum | green |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | green |
| Ondo Finance | ethereum | green |
| OpenEden | ethereum | gray |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | green |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | green |
| QuickSwap | polygon | green |
| Raydium | solana | not_applicable |
| Rocket Pool | ethereum | green |
| Sanctum | solana | not_applicable |
| Save (formerly Solend) | solana | not_applicable |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | green |
| Spiko | stellar | green |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | green |
| stHYPE (Valantis Labs) | hyperliquid | gray |
| SUNSwap (sun.io) | tron | green |
| Superstate | ethereum | gray |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | green |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | green |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | green |
| Venus Protocol | bsc | green |
| Wormhole | ethereum | green |
| Yearn Finance | ethereum | gray |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0 | factor: RD-F-011 | category: 1 | carried: 80 | critical: no