Description:

The InheritanceManager contract uses an unconventional and unsafe method for access control in the onlyBeneficiaryWithIsInherited modifier. Instead of using standard require statements with clear error messages, the modifier intentionally allows the execution to go out of bounds of the beneficiaries array to trigger a Panic error if the caller is not authorized.

The condition i < beneficiaries.length + 1 deliberately allows the loop to attempt accessing an element beyond the array bounds, which will trigger a Panic error (0x32 - Array access out of bounds).

Impact:

When a non-beneficiary calls a function with this modifier, the transaction will revert with a Panic error, which consumes all the gas allocated to the transaction. This is significantly worse than a standard require statement which returns unused gas.

Users who accidentally call restricted functions will pay maximum gas fees for failed transactions.

The error message "Panic(0x32)" is cryptic and does not communicate to the user why their transaction failed, making debugging difficult.

Recommended Mitigation:

Replace the current implementation with a standard, explicit access control mechanism: