The function `withdrawInheritedFunds` lacks a condition to restrict ETH withdrawals to validated beneficiaries, allowing the contract to send ETH to any arbitrary address.
The **InheritanceManager::withdrawInheritedFunds** function allows ETH withdrawals to any arbitrary beneficiary. This should be restricted using modifiers in the function signature. Applying the existing `onlyBeneficiaryWithIsInherited` modifier would ensure that only intended beneficiaries can withdraw ETH.
This allows the contract to send ETH to any arbitrary user. Funds could be sent to unintended or compromised addresses.
Inside the contract, the function `withdrawInheritedFunds(address _asset) external {` doesn't have the `onlyBeneficiaryWithIsInherited` modifier to restrict it.
Due to this, there might be a chance of an unintended recipient receiving the ETH.
Slither
Use the Modifier to Ensure Only Approved Beneficiaries Can Withdraw.
`function withdrawInheritedFunds(address _asset) external onlyBeneficiaryWithIsInherited {`