Submission Details
Severity:
Division by Zero Risk In InheritanceManager::buyOutEstateNFT Leading to Tranasction Reversion
Summary: InheritanceManager::buyOutEstateNFT divides by beneficiaries.length without checking if it’s zero.
Vulnerability Details: InheritanceManager::buyOutEstateNFT divides by beneficiaries.length without checking if it’s zero.
//@audit --> Possible division by zero, no checks for zero divisor
function buyOutEstateNFT(uint256 _nftID) external onlyBeneficiaryWithIsInherited {
uint256 value = nftValue[_nftID];
uint256 divisor = beneficiaries.length;
uint256 multiplier = beneficiaries.length - 1;
uint256 finalAmount = (value / divisor) * multiplier;
IERC20(assetToPay).safeTransferFrom(msg.sender, address(this), finalAmount);
for (uint256 i = 0; i < beneficiaries.length; i++) {
if (msg.sender == beneficiaries[i]) {
return;
} else {
IERC20(assetToPay).safeTransfer(beneficiaries[i], finalAmount / divisor);
}
Impact: If beneficiaries.length == 0, funds become inaccessible, and transactions fail, wasting gas.
Tools Used: Foundry
Recommendations: Added check for possible zero divisor
//@audit --> Added check for zero divisor
require(beneficiaries.length > 0, "No beneficiaries present");
IERC20(assetToPay).safeTransfer(beneficiaries[i], finalAmount / divisor);
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.