Submission Details
Severity: medium
Invalid

Vulnerability in onlyBeneficiaryWithIsInherited Modifier

Summary

The onlyBeneficiaryWithIsInherited modifier is used to verify whether msg.sender is an authorized beneficiary and whether the inheritance is active. However, the current implementation contains a logic flaw that allows unauthorized users to proceed without proper verification, potentially leading to security risks and unintended fund withdrawals.

Vulnerability Details

Issue: There is no explicit require() statement to halt execution when msg.sender is unauthorized.

  • This allows unauthorized users to interact with the contract without triggering a failure.

Solution: Add a require() check after the loop to enforce beneficiary verification.

Impact

Unauthorized users can bypass the restriction and execute functions meant for beneficiaries.

The contract may experience out-of-bounds errors, causing unexpected failures.

Tools Used

Manual review

Recommendations

    modifier onlyBeneficiaryWithIsInherited() {
        bool isAuthorized = false; // Track if msg.sender is a valid beneficiary
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (msg.sender == beneficiaries[i] && isInherited) {
                isAuthorized = true;
                break;
            }
        }
        require(isAuthorized, "Not a valid beneficiary or inheritance not active"); // Explicitly revert unauthorized access
        _;
    }

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement