Submission Details
Severity: high
Invalid

`InheritanceManager:_getBeneficiaryIndex` returns Invalid Index due to lack of validation

Summary

`_getBeneficiaryIndex` will return 0 if the beneficiary address does not exist in the `beneficiaries` array, which may result in deleting a legitimate beneficiary at index 0.

Vulnerability Details

In this function, we have the following issue:

```solidity
function _getBeneficiaryIndex(address _beneficiary) public view returns (uint256 _index) {
    for (uint256 i = 0; i < beneficiaries.length; i++) {
        if (_beneficiary == beneficiaries[i]) {
            _index = i;
            break;
        }
    }
    // @here
}
```

There is no index assignment when the beneficiary is not found. Since `_index` is declared as a `uint256` return variable of the function, it defaults to 0 if the beneficiary does not exist. This can lead to unintended deletions.

Impact

A legitimate beneficiary at index 0 may be deleted instead of the intended one.
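
The self-contained contract below is an added illustration, not part of the original submission or the audited code base. It assumes a hypothetical caller (`removeUnsafe`) that deletes whatever index the lookup returns, and contrasts it with a checked variant (`_find`, `removeChecked`) that reports a miss explicitly and reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not the audited InheritanceManager contract.
// removeUnsafe, _find and removeChecked are hypothetical names.
contract BeneficiaryIndexDemo {
    // Error name taken from the finding's recommendation.
    error BeneficiaryNotFound();

    address[] public beneficiaries;

    constructor(address first, address second) {
        beneficiaries.push(first);
        beneficiaries.push(second);
    }

    // Same shape as the lookup in the finding: a miss leaves _index at 0,
    // which is indistinguishable from "found at slot 0".
    function _getBeneficiaryIndex(address _beneficiary) public view returns (uint256 _index) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (_beneficiary == beneficiaries[i]) {
                _index = i;
                break;
            }
        }
    }

    // Assumed caller: trusts the index, so an unknown address clears slot 0.
    function removeUnsafe(address _beneficiary) external {
        delete beneficiaries[_getBeneficiaryIndex(_beneficiary)];
    }

    // Lookup that reports a miss explicitly instead of overloading index 0.
    function _find(address _beneficiary) internal view returns (bool found, uint256 index) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (_beneficiary == beneficiaries[i]) {
                return (true, i);
            }
        }
        return (false, 0);
    }

    // Checked caller: a miss reverts and the array is left untouched.
    function removeChecked(address _beneficiary) external {
        (bool found, uint256 index) = _find(_beneficiary);
        if (!found) revert BeneficiaryNotFound();
        delete beneficiaries[index];
    }
}
```

Calling `removeUnsafe` with an address that was never added zeroes `beneficiaries[0]`, while `removeChecked` with the same argument reverts with `BeneficiaryNotFound` and leaves storage unchanged.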

Tools Used

Manual review

Recommendations

Implement a revert mechanism to prevent this from happening.

function _getBeneficiaryIndex(address _beneficiary) public view returns (uint256) {
for (uint256 i = 0; i < beneficiaries.length; i++) {
if (_beneficiary == beneficiaries[i]) {
return i;
}
}
+ revert BeneficiaryNotFound();
}
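
Review bot: the added `revert BeneficiaryNotFound();` line relies on a custom error that is not declared anywhere in the visible lines, so the recommendation should also include `error BeneficiaryNotFound();` in the contract. The function also remains `public` despite its underscore-prefixed name; if it is only meant as an internal helper, mark it `internal` so that the new revert path is reachable only through the contract's own callers.
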
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
