Severity: high
Valid

Incorrect Fund Distribution Due to Miscalculated Multiplier in buyOutEstateNFT

Summary

The buyOutEstateNFT function in InheritanceManager.sol miscalculates the amount to be paid by the buyer. The function first removes the buyer’s share using a multiplier but still divides the final amount by the total number of beneficiaries (divisor), causing underpayment to the remaining beneficiaries.

Vulnerability Details

  • The function removes msg.sender's share using multiplier = beneficiaries.length - 1.

  • However, later in the function, finalAmount is still divided by divisor instead of multiplier, reducing the payout to each remaining beneficiary.

uint256 divisor = beneficiaries.length;        // all beneficiaries, buyer included
uint256 multiplier = beneficiaries.length - 1; // beneficiaries other than the buyer
uint256 finalAmount = (value / divisor) * multiplier; // buyer's own 1/n share removed
IERC20(assetToPay).safeTransfer(beneficiaries[i], finalAmount / divisor); // ❌ splits among n instead of n - 1

Impact

  • Underpayment of beneficiaries: Each remaining beneficiary receives less than their fair share.

  • Discrepancy in fund distribution: The contract does not distribute the expected total amount, leading to potential disputes.

Tools Used

  • Foundry tests (to verify discrepancies in expected balances)

  • console.log to monitor balance

Recommendations

Modify the per-beneficiary transfer so that finalAmount is divided by multiplier (the number of remaining beneficiaries) instead of divisor:

IERC20(assetToPay).safeTransfer(beneficiaries[i], finalAmount / multiplier); // ✅
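
To quantify the underpayment, the following is an added Python model of the payout arithmetic (not the contract's own code). It assumes the buyer is one entry of `beneficiaries` and that `value` is the amount being split; integer division mirrors Solidity's truncating `uint256` division.

```python
# Added model of the buyOutEstateNFT payout arithmetic; assumptions noted in the lead-in.
# Python's // on non-negative ints reproduces Solidity uint256 division.

def buyout_payouts(value: int, n_beneficiaries: int, buyer_index: int, fixed: bool) -> list[int]:
    """Amount each non-buyer beneficiary receives.

    value           -- valuation the buyer compensates the others for
    n_beneficiaries -- beneficiaries.length (buyer included)
    buyer_index     -- position of msg.sender in the beneficiaries array
    fixed           -- False: divide by divisor (the bug); True: divide by multiplier
    """
    if n_beneficiaries < 2:
        raise ValueError("a buyout needs at least one other beneficiary")
    divisor = n_beneficiaries
    multiplier = n_beneficiaries - 1
    # The buyer keeps their own 1/n share, so they put up (n-1)/n of the value.
    final_amount = (value // divisor) * multiplier
    denominator = multiplier if fixed else divisor
    return [final_amount // denominator for i in range(n_beneficiaries) if i != buyer_index]


def undistributed(value: int, n_beneficiaries: int, buyer_index: int = 0) -> int:
    """Portion of finalAmount the buggy version never pays out to any beneficiary."""
    final_amount = (value // n_beneficiaries) * (n_beneficiaries - 1)
    paid = sum(buyout_payouts(value, n_beneficiaries, buyer_index, fixed=False))
    return final_amount - paid


if __name__ == "__main__":
    # Constructed sample: 4 beneficiaries, estate valued at 1_000 token units.
    for fixed in (False, True):
        print("fixed" if fixed else "buggy", buyout_payouts(1_000, 4, 0, fixed))
    print("undistributed under the bug:", undistributed(1_000, 4))
```

With four beneficiaries the buyer pays in 750 but the other three receive only 187 each, so 189 units stay undistributed; with the corrected denominator each receives 250.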

Updates

Lead Judging Commences

0xtimefliez, Lead Judge, 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

  • buyOutNFT has wrong denominator

  • buyOutNFT has return instead of continue
