EIP-6780 restricts SELFDESTRUCT to same-transaction contracts eliminating metamorphic contract patterns

# EIP-6780 restricts SELFDESTRUCT to same-transaction contracts eliminating metamorphic contract patterns EIP-6780 (implemented in the Dencun upgrade) fundamentally changes SELFDESTRUCT semantics: the opcode now only destroys contracts created within the same transaction that called SELFDESTRUCT. Contracts deployed in prior transactions can call SELFDESTRUCT but it no longer clears their code or balance — only ETH transfer to the beneficiary still occurs. The primary security consequence is the elimination of metamorphic contracts: the pattern where CREATE2 (which deploys to a deterministic address) combined with SELFDESTRUCT (which clears the deployed bytecode) allowed a contract address to change its code between deployments. Metamorphic contracts violated the assumption that a verified contract at a given address would remain unchanged, enabling bait-and-switch attacks where audited code is replaced with malicious code at the same address. Since [[selfdestruct in implementation contracts can permanently brick proxy systems]] and [[selfdestruct was deprecated in solidity 0.8.18 via eip-6049]], EIP-6780 is the operational culmination of Ethereum's multi-year effort to remove SELFDESTRUCT. The Parity Wallet hack of 2017, where 513,774 ETH was permanently locked when an anonymous user triggered SELFDESTRUCT on a shared library contract, provided the motivating catastrophe for eventual removal. EIP-6780 does not fully remove the opcode (for backward compatibility with contracts that use SELFDESTRUCT for ETH sweeping) but neutralizes its most dangerous properties. --- Relevant Notes: - [[selfdestruct in implementation contracts can permanently brick proxy systems]] — the proxy-specific danger that EIP-6780 reduces - [[selfdestruct was deprecated in solidity 0.8.18 via eip-6049]] — the language-level deprecation preceding this EVM-level restriction - [[CREATE2 enables contract recreation at the same address with different bytecode when the constructor queries external state]] — the metamorphic pattern EIP-6780 prevents - [[malicious governance proposal injection via CREATE2 and SELFDESTRUCT allows attackers to swap approved code with malicious code between proposal approval and execution]] — the Tornado Cash (May 2023) governance exploit is the highest-profile real-world instance of the metamorphic contract pattern EIP-6780 eliminates for post-Dencun contracts - [[governance systems must verify proposal code integrity at execution time not only at approval time because contract metamorphism can change the code between votes]] — EIP-6780 mitigates the attack but execution-time bytecode hash verification remains necessary for legacy governance systems predating Dencun Topics: - [[solidity-behaviors]] - [[evm-internals]] - [[security-patterns]]