Submission Details
Severity: high
Valid

Wrong implementation of ` removeBeneficiary `

Description + Impact

The owner can add a new beneficiary using InheritanceManager :: addBeneficiery() and can remove the same beneficiary using InheritanceManager :: removeBeneficiary()

InheritanceManager :: removeBeneficiary() deletes the beneficiary's entry but does not close the resulting gap, so the array keeps its length and retains an empty slot.

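If the owner adds 3 beneficiaries and then removes one of them, the number of entries in the beneficiaries state variable will still be 3 instead of 2. As the finding tag assigned during judging notes, the leftover empty entry can cause funds to be sent to the zero address.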

PoC

How to execute the PoC ?

  • Create a Foundry project with everything needed

  • Add the PoC in test/TEST.t.sol

  • Paste this view function into the InheritanceManager contract (it is a test-only helper that lets the PoC read the beneficiaries array)

/// @notice Test-only helper: exposes the full `beneficiaries` array so the PoC can inspect it.
/// @dev The whole array is copied to memory, including any empty entries it contains.
/// @return list A memory copy of the `beneficiaries` state variable.
function getBeneficiaries() public view returns (address[] memory list) {
    list = beneficiaries;
}
  • Execute the PoC using the command forge test --match-test test________ -vv

// SPDX-License-Identifier: MIT
pragma solidity 0.8.26;
import {Test} from "lib/forge-std/src/Test.sol";
import {console} from "lib/forge-std/src/console.sol";
import {InheritanceManager} from "src/InheritanceManager.sol";
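/// @notice PoC for the `removeBeneficiary` finding: after a removal the
///         `beneficiaries` array keeps its length and retains an empty slot.
/// @dev Requires the `getBeneficiaries()` helper to be pasted into
///      InheritanceManager. The original PoC only logged the array, so it
///      passed whatever the contract did; the assertions below make the test
///      fail once `removeBeneficiary` is fixed to shrink the array.
contract InheritanceManagerTest is Test {
    InheritanceManager public inheritanceManager;
    address public owner;
    address public beneficiary1;
    address public beneficiary2;
    address public beneficiary3;

    // Human-readable labels so the log prints names instead of raw addresses.
    mapping(address => string) private name;

    /// @dev Returns the label registered for `addr` (empty string if none).
    function getName(address addr) private view returns (string memory) {
        return name[addr];
    }

    /// @notice Adds three beneficiaries, removes the middle one, and checks
    ///         that the array still has three entries, exactly one of them empty.
    function test________() public {
        owner = makeAddr("owner");
        beneficiary1 = makeAddr("beneficiary1");
        beneficiary2 = makeAddr("beneficiary2");
        beneficiary3 = makeAddr("beneficiary3");

        name[owner] = "owner";
        name[beneficiary1] = "beneficiary1";
        name[beneficiary2] = "beneficiary2";
        name[beneficiary3] = "beneficiary3";
        // Label for the zero address so an emptied slot is visible in the log.
        name[address(0)] = "0";

        // Deploy as `owner` so the owner-only calls below succeed.
        vm.prank(owner);
        inheritanceManager = new InheritanceManager();
        _logBeneficiaries();

        vm.startPrank(owner);
        inheritanceManager.addBeneficiery(beneficiary1);
        inheritanceManager.addBeneficiery(beneficiary2);
        inheritanceManager.addBeneficiery(beneficiary3);
        vm.stopPrank();
        _logBeneficiaries();

        uint256 lengthBefore = inheritanceManager.getBeneficiaries().length;
        assertEq(lengthBefore, 3, "three beneficiaries expected after adding");

        vm.prank(owner);
        inheritanceManager.removeBeneficiary(beneficiary2);
        _logBeneficiaries();

        address[] memory afterRemoval = inheritanceManager.getBeneficiaries();

        // The defect: the array length is unchanged by the removal.
        assertEq(afterRemoval.length, lengthBefore, "length should shrink after removal but does not");

        // Count empty entries rather than assuming which index was cleared.
        uint256 emptySlots = 0;
        for (uint256 i = 0; i < afterRemoval.length; i++) {
            if (afterRemoval[i] == address(0)) {
                emptySlots++;
            }
        }
        assertEq(emptySlots, 1, "removed beneficiary leaves one zero-address entry");
    }

    /// @dev Logs the current length and the label of every entry in
    ///      `beneficiaries`, read through the pasted `getBeneficiaries()` helper.
    function _logBeneficiaries() private view {
        address[] memory list = inheritanceManager.getBeneficiaries();

        console.log( "" );
        console.log( string( abi.encodePacked(
            "========== " , " InheritanceManager :: beneficiaries " , " =========="
        ) ) );
        console.log( "" );
        console.log( "" );
        console.log( list.length );
        console.log( "" );
        console.log( " \n " );

        for (uint256 i = 0; i < list.length; i++) {
            console.log( "" );
            console.log( getName( list[i] ) );
            console.log( "" );
        }

        console.log( " \n " );
        console.log( "" );
        console.log( "======================================================================================" );
        console.log( "" );
    }
}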
Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be send to 0 address

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be send to 0 address
