0xdeadcode Site

"Dead code" isn't harmless — it’s a backdoor waiting to be activated.

function withdraw() external { if (false) { selfdestruct(payable(owner)); } // normal withdrawal logic } The optimizer removed the if (false) branch in bytecode entirely — or so I thought. Actually, the compiler preserved a JUMPDEST but no incoming JUMP opcode. 0xdeadcode

(thread-style) 2. A short blog/forum post exploring a "dead code" vulnerability in smart contracts 1. X (Twitter) Post by @0xdeadcode Main post: 0xdeadcode "Dead code" isn't harmless — it’s a backdoor

Dead code is a time bomb. Diffuse it. Title: 0xdeadcode — The Living Dead in Your Bytecode (thread-style) 2

One storage write to flip the false to true later, and pause becomes owner-only backdoor.

When you compile a Solidity contract, the optimizer doesn't just remove unreachable paths — it buries them. But "unreachable" at compile time is not "unreachable at runtime" if the EVM state can change.

But there was a SSTORE in an admin function that allowed toggling a boolean flag — and that flag was used in another function to compute a jump offset via JUMPI . With a specific storage layout, that flag could point to the dead JUMPDEST .

We do not accept any kind of Guest Post. Except Guest post submission, for any other query (such as adverting opportunity, product advertisement, feedback, suggestion, error reporting and technical issue) or simply just say to hello mail us [email protected]