Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

[H-3] Large amount of `InheritanceManager::beneficiaries` can lead to DoS

0xnick

Summary

A large amount of beneficiaries can cause a DoS attack where the iteration of the array may be very costly or computationally infeasible.

This can be seen in:

Modifier InheritanceManager::onlyBeneficiaryWithIsInherited
buyOutEstateNFT InheritanceManager::onlyBeneficiaryWithIsInherited
withdrawInheritedFunds InheritanceManager::onlyBeneficiaryWithIsInherited

Vulnerability Details

Likelihood: Medium. Requires the owner to add many beneficiaries (e.g., 100+), which isn’t a default scenario but is plausible with poor management or malicious intent.

Adding 100 beneficiaries in the Proof of Concept Results in the following gas usage:

[PASS] test_appointTrusteeDoS() (gas: 6103263)

[PASS] test_appointTrusteeSuccess() (gas: 262988)

Usage of 6,103,263 rendering the contract unusable for beneficiaries due to high cost.
Gas limit exceeding 6M (per PoC) is a real DoS risk, but it’s not an active attack—it’s a design flaw exploitable passi

function test_appointTrusteeDoS() public {

address user2 = makeAddr("user2");

vm.startPrank(owner);

im.addBeneficiery(user1);

for (uint256 i = 0; i < 100; i++) {

string memory name = string.concat("user", vm.toString(i));

address beneficiary = makeAddr(name);

im.addBeneficiery(beneficiary);

}

vm.stopPrank();

vm.warp(1);

vm.deal(address(im), 9e18);

vm.warp(1 + 90 days);

// set the last address as executer

address finalBeneficiary = makeAddr("user99");

vm.startPrank(finalBeneficiary);

im.inherit();

im.appointTrustee(user2);

vm.stopPrank();

assertEq(user2, im.getTrustee());

}

vely.Impact

High. Blocks key functions (e.g., InheritanceManager::buyOutEstateNFT, InheritanceManager::withdrawInheritedFunds), locking assets and preventing beneficiaries from accessing funds.

Tools Used

Manual Review

Recommendations

Keep the beneficiaries in another structure as well such as a mapping. For functions, move to a model where each beneficiary has to withdraw his own share. This will prevent high gas cost for the caller and will prevent DoS attacks

address[] beneficiaries;

+ mapping(address beneficiary => bool allowed) allowedBeneficiaries;

Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Appeal created

0xnick Submitter

5 months ago

0xtimefliez Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.