When you compile a Solidity contract, the optimizer doesn't just remove unreachable paths — it buries them. But "unreachable" at compile time is not "unreachable at runtime" if the EVM state can change.
I recently dissected a contract that had this:
function withdraw() external { if (false) { selfdestruct(payable(owner)); } // normal withdrawal logic } The optimizer removed the if (false) branch in bytecode entirely — or so I thought. Actually, the compiler preserved a JUMPDEST but no incoming JUMP opcode. 0xdeadcode
Don't bury code. Delete it.
Result: "Dead code" becomes a self-destruct backdoor after a storage collision. When you compile a Solidity contract, the optimizer
Last week I audited a contract with 14% unreachable instructions. The owner swore they were "leftover from testing."
Dead code is a time bomb. Diffuse it. Title: 0xdeadcode — The Living Dead in Your Bytecode Actually, the compiler preserved a JUMPDEST but no
"Dead code" isn't harmless — it’s a backdoor waiting to be activated.