
Can a contract remove itself in NEAR Protocol?


I want to design the flow of upgrading a locked contract.

(A locked contract is one that has no access keys that allow altering the code; e.g., the full access key is removed once the code is deployed.)

By design, there are no keys that can sign the transaction on behalf of the account to initiate the account deletion for a locked account, but I wonder if the code deployed on the account (the contract code) can still remove itself (self-destroy) [I assume it is possible since it seems that it can issue receipts from self to self].

Would the following upgrade strategy work?

  1. Initial phase:
    • Create an account
    • Deploy code with some upgradability helpers
    • Lock the account (remove the full access key)
  2. Upgrade:
    • Create a new account
    • Deploy new code to the new account
    • Lock the new account
    • Call the migration method, which reaches to the old version (via a cross-contract call) and requests to transfer the ownership (give all the data and remove itself)

It seems that some sort of owner validation will need to be implemented in the upgradability helpers to make sure that only an owner can transfer the ownership from the old version to the new one, but that is another question; first, I want to know if a contract can destroy itself.


Solution

  • I believe it is possible. You can have a method that uses promise_batch_action_delete_account to delete self and then add an access key to the contract that allows it to call that method.
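
The approach in the answer (a self-delete method plus an access key that may call only that method), modelled as an added example that is not code from the original answer. It is plain Rust without near-sdk, so `LockedContract`, `FunctionCallKey`, `delete_self` and the account names are hypothetical, and it assumes a call signed with the account's own key reaches the contract with that account as the caller.

```rust
// Plain-Rust model, no near-sdk; every name here is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Action {
    DeleteAccount { beneficiary: String }, // stand-in for promise_batch_action_delete_account
}

// Models a function-call access key: one receiver, an explicit method allow-list.
pub struct FunctionCallKey { pub receiver: String, pub methods: Vec<String> }

impl FunctionCallKey {
    pub fn permits(&self, receiver: &str, method: &str) -> bool {
        self.receiver == receiver && self.methods.iter().any(|m| m == method)
    }
}

pub struct LockedContract { pub account_id: String, pub deleted: bool }

impl LockedContract {
    // `predecessor` models the caller's account ID as the contract sees it.
    pub fn delete_self(&mut self, predecessor: &str, beneficiary: &str) -> Result<Action, &'static str> {
        if predecessor != self.account_id {
            return Err("caller is not this account");
        }
        if self.deleted || beneficiary == self.account_id {
            return Err("nothing to delete or bad beneficiary");
        }
        self.deleted = true;
        Ok(Action::DeleteAccount { beneficiary: beneficiary.to_string() })
    }
}

// A call signed with one of the account's own keys: key check, then contract guard.
pub fn call_with_key(c: &mut LockedContract, key: &FunctionCallKey, method: &str, beneficiary: &str) -> Result<Action, &'static str> {
    if !key.permits(&c.account_id, method) {
        return Err("access key does not permit this call");
    }
    let signer = c.account_id.clone(); // assumption: signer and predecessor are the account itself
    match method {
        "delete_self" => c.delete_self(&signer, beneficiary),
        _ => Err("unknown method"),
    }
}

fn main() {
    let mut c = LockedContract { account_id: "app-v1.testnet".into(), deleted: false }; // constructed sample
    let key = FunctionCallKey { receiver: c.account_id.clone(), methods: vec!["delete_self".into()] };
    println!("{:?}", call_with_key(&mut c, &key, "delete_self", "app-v2.testnet"));
}
```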