Skip to main content
Sigvex

Dead Code

Detects unreachable code paths and unused internal functions that increase bytecode size and may indicate logic errors.

Dead Code

Overview

The dead code detector identifies unreachable basic blocks, unused internal functions, and code paths that can never be executed due to constant conditions. Dead code inflates bytecode size, increases deployment gas costs, and may indicate copy-paste errors or incomplete refactoring where logic was intended to be active.

Why This Is an Issue

While dead code is not directly exploitable, it:

  • Wastes deployment gas (each byte costs 200 gas to deploy)
  • May indicate logic errors where the developer intended the code to execute
  • Increases audit surface unnecessarily
  • Can push contracts toward the 24KB bytecode size limit (EIP-170)

Examples

Sample Sigvex Output

{
  "detector_id": "dead-code",
  "severity": "info",
  "confidence": 0.92,
  "description": "Internal function at offset 0x4c2 is never called from any reachable code path. 156 bytes of unreachable bytecode can be removed.",
  "location": { "function": "unused_internal_function", "offset": 1218 }
}

Detection Methodology

  1. CFG reachability: Builds the control-flow graph from all external entry points and marks reachable blocks.
  2. Unreachable block identification: Reports blocks not reachable from any entry point.
  3. Constant condition analysis: Identifies JUMPI instructions where the condition is always true or always false.

Limitations

  • Code reachable only via DELEGATECALL from another contract appears dead but may be intentionally used.
  • Fallback/receive functions and selfdestruct targets may be reached through non-standard paths.

References