Submission Details
Severity: low
Invalid

Lack of control over the number of beneficiaries

Summary

If the number of beneficiaries is not bounded, a large beneficiary set (for example, thousands of addresses) causes several problems:
1- Gas consumption of the distribution loop exceeds the block gas limit.
2- If the inheritance amount is small relative to the number of beneficiaries, the gas spent on each transfer exceeds the value of each person's share.

Vulnerability Details

In the InheritanceManager::buyOutEstateNFT function, the distribution loop runs once per beneficiary. Because the number of beneficiaries is unbounded, the loop can consume very large amounts of gas, up to and beyond the block gas limit, so the transaction fails with an out-of-gas error.

Also, the finalAmount value may be small relative to the number of beneficiaries. Since each share is pushed to the beneficiaries automatically inside the same transaction, the gas cost of each transfer can exceed the amount actually sent.

Impact

Out-of-gas error, or loss of value because the gas cost of transferring to a large number of beneficiaries exceeds the value delivered.

Tools Used

manual review

Recommendations

Instead of having the function transfer tokens directly to all beneficiaries, use a "claim" (pull-payment) mechanism: each beneficiary withdraws their own share. This way the gas cost is not concentrated in a single transaction and each person pays the cost of their own withdrawal. For example, keep a mapping of how much each beneficiary is entitled to, and write a claim function so that each person can collect their share.

Set a ceiling on the number of beneficiaries, for example a maximum of 100. This bounds the gas cost of any loop over the beneficiary list.
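As an added illustration of both recommendations (a hypothetical simplified contract, not code from the audited InheritanceManager), the push loop the finding describes is shown next to a capped, pull-based claim mechanism; the contract name, the 100-beneficiary ceiling and the function names are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical simplified contract (added example, not the audited
// InheritanceManager): push payout loop versus capped pull-based claims.
contract PullDistribution {
    uint256 public constant MAX_BENEFICIARIES = 100; // assumed ceiling
    address public immutable owner;
    address[] public beneficiaries;
    mapping(address => uint256) public claimable; // per-beneficiary entitlement

    constructor() { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function addBeneficiary(address who) external onlyOwner {
        // Ceiling keeps every loop over the array bounded in gas.
        require(beneficiaries.length < MAX_BENEFICIARIES, "too many beneficiaries");
        beneficiaries.push(who);
    }

    // Push pattern the finding criticises: one transaction pays everyone, gas
    // grows with beneficiaries.length, and one failing recipient blocks all.
    function distributePush() external payable onlyOwner {
        uint256 share = msg.value / beneficiaries.length;
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            (bool ok, ) = beneficiaries[i].call{value: share}("");
            require(ok, "transfer failed");
        }
    }

    // Pull pattern: record each entitlement (loop bounded by the cap) and let
    // each beneficiary pay the gas for their own withdrawal.
    function fund() external payable onlyOwner {
        uint256 n = beneficiaries.length;
        require(n > 0, "no beneficiaries");
        uint256 share = msg.value / n;
        require(share > 0, "share would be dust"); // value smaller than the split
        for (uint256 i = 0; i < n; i++) claimable[beneficiaries[i]] += share;
    }

    function claim() external {
        uint256 amount = claimable[msg.sender];
        require(amount > 0, "nothing to claim");
        claimable[msg.sender] = 0; // effects before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "claim failed");
    }
}
```

With the pull pattern, a single reverting or expensive recipient no longer blocks everyone else's payout, and the `share > 0` check rejects the dust case the finding describes.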

Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
