Description:
If the owner passes an address that does not exist in the list, the internal function _getBeneficiaryIndex
returns index 0, which results in the address at index 0 being set to 0x000...000.
Impact:
Medium - no funds are at risk, but the beneficiary is removed. In cases where this is the only beneficiary, it would be a critical issue, as there is no recovery if the owner's private key is lost.
Likelihood: Medium. This issue occurs if the owner mistakenly passes an incorrect address (e.g., a typo or an address not in the list), which is plausible during manual management of beneficiaries. It doesn’t require malicious intent or external attack, but it’s not triggered by default usage—only by an error or oversight.
Proof of Concept:
Recommended Mitigation:
Introduce an error that must be thrown if the index is not found for the given address.
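
A sketch of that mitigation, added here as an example and not taken from the audited code base: the unchecked lookup pattern next to a lookup that reverts when the address is absent. Only `_getBeneficiaryIndex` is named in this finding; the contract name, the `beneficiaries` array, `removeBeneficiary`, `_getBeneficiaryIndexUnchecked` and the `BeneficiaryNotFound` error are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract; only _getBeneficiaryIndex is named in the finding.
// Storage layout, removeBeneficiary and BeneficiaryNotFound are assumptions.
contract BeneficiaryListExample {
    error BeneficiaryNotFound(address beneficiary);

    address public owner;
    address[] public beneficiaries;

    constructor(address[] memory initial) {
        owner = msg.sender;
        beneficiaries = initial;
    }

    // Unchecked pattern: `index` keeps its default value 0 when no entry
    // matches, so "not found" is indistinguishable from "found at index 0".
    function _getBeneficiaryIndexUnchecked(address who) internal view returns (uint256 index) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == who) {
                index = i;
                break;
            }
        }
    }

    // Hardened lookup: revert with a custom error when the address is absent.
    function _getBeneficiaryIndex(address who) internal view returns (uint256) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == who) {
                return i;
            }
        }
        revert BeneficiaryNotFound(who);
    }

    // With the hardened lookup, a mistyped address reverts the call
    // instead of zeroing the entry stored at index 0.
    function removeBeneficiary(address who) external {
        require(msg.sender == owner, "not owner");
        uint256 index = _getBeneficiaryIndex(who);
        delete beneficiaries[index];
    }
}
```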