Add Suicidal Contract

[ksloven]

A smart contract can have a 'self-destruct' or 'kill' option which can be called by the owner in the case of theft of ether or smart contract malfunction.
But if the contract can be killed by any account/user, it is considered 'suicidal'

1 function initMultiowned ( address [] _owners ,
2 uint _required ) {
3 if ( m_numOwners > 0) throw ;
4 m_numOwners = _owners . length + 1;
5 m_owners [1] = uint ( msg . sender ) ;
6 m_ownerIndex [ uint ( msg . sender )] = 1;
7 m_required = _required ;
8 /* ... /
9 }
10
11 function kill ( address _to ) {
12 uint ownerIndex = m_ownerIndex [ uint ( msg. sender ) ];
13 if ( ownerIndex == 0) return ;
14 var pending = m_pending [ sha3 ( msg . data ) ];
15 if ( pending . yetNeeded == 0) {
16 pending . yetNeeded = m_required ;
17 pending . ownersDone = 0;
18 }
19 uint ownerIndexBit = 2* ownerIndex ;
20 if ( pending . ownersDone & ownerIndexBit == 0) {
21 if ( pending . yetNeeded <= 1)
22 suicide (_to) ;
23 else {
24 pending . yetNeeded - -;
25 pending . ownersDone |= ownerIndexBit ;
26 }
27 }
28 }
}

Attack :
user calls initMultiowned with empty array for _'owners', and zero for '_required'. Then user invokes 'kill' function which needs '_required' number of owners (line 16) before the suicide function is called (line 22). Since the initial initMultiowned call was set to zero, the suicide function executes

Known exploit:
Parity (openethereum/parity-ethereum#6995)