Summary

When functions to calculate and distribute the balance is called from the InheritanceManager.sol contract, the amount of eth/ eth tokens distributed to the individual wallets is not accurate and due to solidity's integer division system truncating the decimals in the funds thereby leading to inaccurate/ incomplete distribution amongst beneficiaries.

Vulnerability Details

When the beneficiaries have been selected and added and the timelock is over, the division of eth if not normally a divisible number by it would cause for the decimal to be omitted. This will cause for the remaining eth to remain in the owner wallet and if compromised, would be lost to the hacker/ malicious contract.

Impact

Users would not get their full money, leaving the little remaining to the original wallet

Tools Used

Manual review

Recommendations

Making use of fixed point match like 1e18 to scale up and descale later to preserve the decimal places or making use of fixed-point match libraries like ABDKMath64x64 for operating with decimal operations with high-precision.