The inheritanceManager::buyOutEstateNFT
function contains a business logic flaw that allows a beneficiary to obtain the NFT without making payments to other beneficiaries. This occurs because the function exits early if the caller is a beneficiary, preventing fund distribution while still burning the NFT.
The issue occurs in the following loop:
If msg.sender is a beneficiary, the function returns early, skipping the payment distribution. Despite this, nft.burnEstate(_nftID)
is outside the loop and still executes. As a result, the NFT is burned, but other beneficiaries do not receive their rightful share of the buyout.
The estate NFT is valued at 1,000 USDC with 4 beneficiaries.
One of the beneficiaries calls inheritanceManager::buyOutEstateNFT
.
The function returns early, skipping fund distribution.
The NFT is burned, and the beneficiaries receive no compensation.
Beneficiaries do not receive their fair share of the NFT’s value.
The contract does not fulfill its intended purpose.
Manual code review
To fix this issue, the check if (msg.sender == beneficiaries[i])
is unnecessary and should be removed like indicated below, ensuring payments are distributed before burning the NFT:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.