Inheritable Smart Contract Wallet

Summary

The removeBeneficiary function in the InheritanceManager contract does not properly remove a beneficiary from the beneficiaries array. Instead of shifting elements or replacing the removed address properly, it leaves a gap by setting the beneficiary’s slot to address(0). This can cause fund misallocation when inheritance distribution occurs, potentially leading to lost funds if a share is mistakenly sent to address(0).

Vulnerability Details

• The function removeBeneficiary(address _beneficiary) is intended to remove a specific beneficiary from the beneficiaries array.

• However, it only deletes the entry at the specified index, leaving an empty slot (address(0)) instead of properly restructuring the array.

• When the withdrawInheritedFunds function calculates fund distribution, it includes this empty slot in the division, potentially allocating a portion of funds to address(0), burning them permanently.

• The issue arises due to the following logic:

• This results in:

1. An incorrect array length assumption during fund splitting.

2. A portion of the inheritance is being sent to address(0), effectively burning funds.

Impact

• Loss of funds: A share of the inheritance can be mistakenly sent to address(0), permanently removing it from circulation.

• Unequal fund distribution: Remaining beneficiaries do not receive the full intended inheritance, leading to disputes or financial losses.

• Unexpected contract behavior: The contract does not function as expected, violating core inheritance logic.

Tools Used

Foundry &b Manual Review

Recommendations

To fix this issue, update removeBeneficiary to properly remove an address by shifting elements instead of just deleting them:

This will

• It prevents gaps by replacing the removed beneficiary with the last element.

• It correctly updates the array length, preventing division miscalculations in inheritance distribution.

• It ensures funds are distributed properly without sending any to address(0).