Submission Details
Severity:
`InheritanceManager:removeBeneficiary` is badly implemented
Summary
The delete method does not delete from the array; instead, it is set to zero, which can lead to the loss of funds during distribution.
Recommendations
The correct way to implement the function is moving the position and using pop:
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary); //<-get correct index
uint256 lastIndex = beneficiaries.length - 1;
if (indexToRemove != lastIndex) {
beneficiaries[indexToRemove] = beneficiaries[lastIndex];
}
beneficiaries.pop();
}
Also, we may consider this as protocol interaction and update the deadline.
Updates
Lead Judging Commences
0xtimefliez 3 months ago
Submission Judgement Published Assigned finding tags:
Incorrect removal from beneficiary list causes funds to be send to 0 address
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.