Submission Details
Severity:
A Possible Reentrancy Attack in 'withdrawInheritedFunds' function
Summary
In 'withdrawInheritedFunds' function it doesnt contains 'nonReentrant' modifier it may lead a possible reentrancy attack
Vulnerability Details
function withdrawInheritedFunds(address _asset) external { // @audit-issue no 'nonReentrant' modifier
if (!isInherited) {
revert NotYetInherited();
}
uint256 divisor = beneficiaries.length;
if (_asset == address(0)) {
uint256 ethAmountAvailable = address(this).balance;
uint256 amountPerBeneficiary = ethAmountAvailable / divisor;
for (uint256 i = 0; i < divisor; i++) {
address payable beneficiary = payable(beneficiaries[i]); // @audit Possible Reentrancy Attack?
(bool success,) = beneficiary.call{value: amountPerBeneficiary}("");
require(success, "something went wrong");
}
} else {
uint256 assetAmountAvailable = IERC20(_asset).balanceOf(address(this));
uint256 amountPerBeneficiary = assetAmountAvailable / divisor;
for (uint256 i = 0; i < divisor; i++) {
IERC20(_asset).safeTransfer(beneficiaries[i], amountPerBeneficiary);
}
}
}
Impact
A beneficiary can lead a reentrancy attack to drain funds
Tools Used
Manual Review ^^
Recommendations
Consider Adding 'nonReentrant' modifier in 'withdrawInheritedFunds' function
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.