Incorrect delete logic in the removeBeneficiary()
Summary
Delete only resets the element to its default value (e.g., address(0)) and does not reduce the array's length. This leaves gaps in the array, which can lead to inefficiencies and potential issues when iterating or relying on the array's length.
Vulnerability Details
The vulnerability lies in the
removeBeneficiaryfunction:
The
deletekeyword resets the element atindexToRemoveto its default value but does not remove it from the array. This results in a gap (e.g.,address(0)) in thebeneficiariesarray, and the array length remains unchanged.
Impact
The array may contain invalid entries (
address(0)), which can cause issues in logic that relies on the array's contents.The array length remains unchanged, leading to unnecessary storage usage and higher gas costs for operations involving the array.
Potential Bugs: Iterating over the array or relying on its length for calculations may produce unexpected results.
Tools Used
Manual code review
Recommendations
Replace the element to be removed with the last element in the array.
Use
pop()to remove the last element and reduce the array's length.
Lead Judging Commences
Incorrect removal from beneficiary list causes funds to be send to 0 address
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.