Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing Return Value in _getBeneficiaryIndex()

0xshaedyw

Summary

The _getBeneficiaryIndex() function does not reliably return the index of the beneficiary, as it lacks a proper return statement in all code paths.

Vulnerability Details

If the _beneficiary is not found in the array, the function does not explicitly return a value. This can lead to unexpected behavior, as Solidity will return the default value for uint256 (i.e., 0), which might be misinterpreted as a valid index.

function _getBeneficiaryIndex(address _beneficiary) public view returns (uint256 _index) {
for (uint256 i = 0; i < beneficiaries.length; i++) {
if (_beneficiary == beneficiaries[i]) {
_index = i;
break;
}
}
}

Impact

If _getBeneficiaryIndex() returns 0 for a non-existent beneficiary, it might incorrectly reference the first element in the array.

Tools Used

Manual code review

Recommendations

Fix _getBeneficiaryIndex to Handle Missing Beneficiaries

function _getBeneficiaryIndex(address _beneficiary) internal view returns (uint256 _index) {
for (uint256 i = 0; i < beneficiaries.length; i++) {
if (_beneficiary == beneficiaries[i]) {
return i; // return index here
}
}
revert("Beneficiary not found");
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.