Submission Details
Severity: high
Invalid

Reentrancy Attack in InheritanceManager.sol

Summary

The withdrawInheritedFunds function in your contract is vulnerable to a reentrancy attack because it transfers ETH using .call, allowing recipients to execute code before the transaction is fully completed.
If a beneficiary is a malicious contract, it can repeatedly re-enter the function and withdraw more funds than intended before the contract updates its balance.

Vulnerability Details

  • The function sends ETH to multiple beneficiaries using .call{value: amountPerBeneficiary}(""), which allows external contracts to execute their own logic upon receiving funds.

  • If a malicious contract is one of the beneficiaries, it can re-enter the function before it completes execution and trigger additional withdrawals.

  • This could drain all funds in the contract before other beneficiaries receive their share.

Impact

The attacker can drain all ETH in the contract by continuously re-entering before balances update.

Tools Used

Manual review and Slither

Recommendations

Use OpenZeppelin's ReentrancyGuard to prevent the issue:

function withdrawInheritedFunds(address _asset) external nonReentrant { // (+) nonReentrant modifier added
    // rest of function
}
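An added illustration of the recommended hardening, not code from InheritanceManager.sol or from the submission: the contract below is a hypothetical reconstruction of the ETH distribution branch (the beneficiaries array, the distributed flag and the balance-snapshot arithmetic are assumptions; only the .call pattern and the amountPerBeneficiary name come from the report), combining the nonReentrant guard with the checks-effects-interactions order so that state is settled before any external call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical reconstruction for illustration: the real InheritanceManager.sol
// is not on this page, only its .call pattern and the amountPerBeneficiary name.
contract InheritanceDistributor is ReentrancyGuard {
    address[] public beneficiaries;
    bool public distributed;

    constructor(address[] memory _beneficiaries) payable {
        require(_beneficiaries.length > 0, "no beneficiaries");
        beneficiaries = _beneficiaries;
    }

    // Hardened ETH branch of withdrawInheritedFunds:
    // 1. nonReentrant rejects any nested call into this function while it runs.
    // 2. The `distributed` flag is set before the first external call
    //    (checks-effects-interactions), so a re-entry would revert even
    //    without the guard.
    // 3. Each share is fixed from the balance snapshot taken before the loop,
    //    so a receiver's fallback cannot change the amounts paid to others.
    function withdrawInheritedFunds(address _asset) external nonReentrant {
        require(_asset == address(0), "example covers the ETH branch only"); // assumption
        require(!distributed, "already distributed");
        distributed = true;

        uint256 count = beneficiaries.length;
        uint256 amountPerBeneficiary = address(this).balance / count;

        for (uint256 i = 0; i < count; i++) {
            // Note: a beneficiary whose receive() reverts will revert the whole
            // distribution; a pull-payment design avoids that, but is out of scope here.
            (bool ok, ) = payable(beneficiaries[i]).call{value: amountPerBeneficiary}("");
            require(ok, "transfer failed");
        }
    }
}
```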

Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
