Submission Details
Severity: high
Valid

Improper Beneficiary Array Management Leading to Fund Distribution Issues

Summary: The removeBeneficiary function deletes array elements without compacting the array, leaving address(0) entries that disrupt the equal fund distribution in withdrawInheritedFunds.

Vulnerability Details: In removeBeneficiary, delete beneficiaries[indexToRemove] sets the element to address(0) without adjusting the array length. In withdrawInheritedFunds, the loop iterates over all elements, attempting to send funds to address(0):

• For ETH, this may burn funds or revert.

• For ERC20, safeTransfer may revert, halting distribution.

Additionally, _getBeneficiaryIndex returns 0 if the beneficiary isn't found, so calling removeBeneficiary with an unknown address incorrectly deletes the first element.

Impact: High. This breaks the third invariant by potentially losing funds to address(0) or preventing full distribution, leaving assets stuck in the contract.

Tools Used

Recommendations: Properly compact the array in removeBeneficiary and add existence checks:

function removeBeneficiary(address _beneficiary) external onlyOwner {
    for (uint256 i = 0; i < beneficiaries.length; i++) {
        if (_beneficiary == beneficiaries[i]) {
            // Swap-and-pop: overwrite the slot with the last entry and shrink the array,
            // so no address(0) gap is left for the distribution loop to hit.
            beneficiaries[i] = beneficiaries[beneficiaries.length - 1];
            beneficiaries.pop();
            _setDeadline();
            return;
        }
    }
    // Explicit existence check instead of silently falling back to index 0.
    revert("Beneficiary not found");
}
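To make the two behaviours concrete, here is an added stand-alone demo contract (not the audited project's code) that places the vulnerable delete-based removal next to the swap-and-pop fix and exposes a view that mirrors the equal-split loop, so the share that would go to address(0) can be read off directly. Contract and function names other than removeBeneficiary and _getBeneficiaryIndex are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal stand-in for the beneficiary list; not the audited contract.
contract BeneficiaryListDemo {
    address public owner;
    address[] public beneficiaries;

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(address[] memory initial) { owner = msg.sender; beneficiaries = initial; }

    // Vulnerable pattern from the finding: `delete` zeroes the slot but keeps the
    // length, so the array now carries an address(0) entry.
    function removeBeneficiaryVulnerable(address _beneficiary) external onlyOwner {
        uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
        delete beneficiaries[indexToRemove];
    }

    // Returns 0 when the address is not found, silently targeting the first entry.
    function _getBeneficiaryIndex(address _beneficiary) internal view returns (uint256) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == _beneficiary) return i;
        }
        return 0;
    }

    // Hardened version: swap-and-pop keeps the array dense and reverts on unknown addresses.
    function removeBeneficiary(address _beneficiary) external onlyOwner {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == _beneficiary) {
                beneficiaries[i] = beneficiaries[beneficiaries.length - 1];
                beneficiaries.pop();
                return;
            }
        }
        revert("Beneficiary not found");
    }

    // Mirrors the equal split in withdrawInheritedFunds (amount / length per slot) and
    // reports how much of `amount` would be sent to address(0) given the current array.
    function shareLostToZero(uint256 amount) external view returns (uint256 lost) {
        uint256 len = beneficiaries.length;
        if (len == 0) return 0;
        uint256 perShare = amount / len;
        for (uint256 i = 0; i < len; i++) {
            if (beneficiaries[i] == address(0)) lost += perShare;
        }
    }
}
```

With three beneficiaries and one removed via removeBeneficiaryVulnerable, shareLostToZero(300) returns 100 and the length stays 3; after removeBeneficiary it returns 0 and the length is 2.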
Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be sent to 0 address
