Submission Details
Severity: medium
Invalid

Owner Can Add the Same Beneficiary Account Repeatedly

Summary

The addBeneficiery function allows the owner to add the same account to the beneficiaries array multiple times.

Vulnerability Details

The addBeneficiery function does not include logic to check whether the provided _beneficiary address already exists in the beneficiaries array before adding it. This oversight enables the owner to add the same account multiple times, bloating the array with redundant entries.

    function addBeneficiery(address _beneficiary) external onlyOwner {
        beneficiaries.push(_beneficiary);
        _setDeadline();
    }

Impact

When withdrawInheritedFunds is called to distribute the remaining funds in the contract, a beneficiary account that appears more than once can receive more funds, and the other beneficiaries receive less.

Tools Used

Manual

Recommendations

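Use OpenZeppelin's EnumerableSet. Its add function returns false when the address is already in the set, so the call can be wrapped in a require.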

    import "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
    // ... (other imports elided)
    contract InheritanceManager is Trustee {
        using EnumerableSet for EnumerableSet.AddressSet;
        EnumerableSet.AddressSet beneficiaries;
        // ... (rest of the contract elided)

        // Function to add a beneficiary using EnumerableSet.
        // add() returns false if the address is already present, so the require reverts on duplicates.
        function addBeneficiery(address _beneficiary) external onlyOwner {
            require(beneficiaries.add(_beneficiary), "Beneficiary already exists");
            _setDeadline();
        }
    }
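
A self-contained sketch of the issue and a guard, added here as an illustration and not taken from the audited contract. It assumes funds are split equally per array slot, and it swaps EnumerableSet for a mapping-based check so it compiles without external imports; `BeneficiarySplitDemo`, `isBeneficiary`, `addUnchecked`, `addChecked` and `previewPayout` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited InheritanceManager code.
// Assumption: the payout is an equal share per array slot, as the Impact section implies.
contract BeneficiarySplitDemo {
    address public immutable owner;
    address[] public beneficiaries;
    mapping(address => bool) public isBeneficiary; // hypothetical membership index

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Mirrors the reported behaviour: nothing stops the same address being pushed twice.
    function addUnchecked(address _beneficiary) external onlyOwner {
        beneficiaries.push(_beneficiary);
    }

    // Guarded variant: O(1) membership lookup instead of scanning the array.
    function addChecked(address _beneficiary) external onlyOwner {
        require(!isBeneficiary[_beneficiary], "Beneficiary already exists");
        isBeneficiary[_beneficiary] = true;
        beneficiaries.push(_beneficiary);
    }

    // Amount `who` would receive out of `total` when every slot gets an equal share.
    // An address occupying k slots is credited k shares.
    function previewPayout(address who, uint256 total) external view returns (uint256 payout) {
        uint256 slots = beneficiaries.length;
        if (slots == 0) {
            return 0;
        }
        uint256 perSlot = total / slots;
        for (uint256 i = 0; i < slots; i++) {
            if (beneficiaries[i] == who) {
                payout += perSlot;
            }
        }
    }
}
```

Calling `addUnchecked` twice for one address and once for another gives the first address two of the three shares in `previewPayout`; repeating the same sequence through `addChecked` reverts on the second call.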
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
