Inheritable Smart Contract Wallet

Summary

This vulnerability leads to funds being permanently stuck in the contract due to Solidity's integer division behavior

Vulnerability Details

The withdrawInheritedFunds function in InheritanceManager.sol contract is designed to distribute inherited ETH or ERC20 tokens among beneficiaries. However, due to Solidity's integer division, any remainder from the division is left in the contract, leading to fund accumulation over time.

Root Cause

Solidity performs integer division, meaning any remainder from the division (assetAmountAvailable / divisor) or (ethAmountAvailable / divisor) will remain in the contract instead of being distributed. This results in an accumulation of unclaimed funds over multiple transactions.

Affected Lines of Code

Impact

Financial loss due to accumulation of unclaimed funds, creating potential legal or operational issues as integer division is inherent to Solidity and affects all transactions.

• Trapped Funds: Over time, the contract accumulates ETH or ERC20 tokens that remain undistributed.

• Financial Loss: Beneficiaries receive slightly less than their actual share, leading to dissatisfaction and legal disputes.

• Contract Dysfunction: Future withdrawals may be affected if the contract depends on a precise balance.

• Dust Accumulation: These funds may be too small to be withdrawn through any other means, leading to irretrievable assets.

Proof of Concept (PoC)

Scenario:

1. Assume the contract holds 100 wei and has 3 beneficiaries.

2. The division calculation: 100 / 3 = 33 wei per beneficiary.

3. The remainder (100 % 3 = 1 wei) remains in the contract forever.

4. After multiple withdrawals, these small remainders accumulate, making the contract inefficient.

Tools Used

manual review

Recommendations

Implement logic to distribute the remainder to one of the beneficiaries (e.g., the first or last in the list):

Also for ERC20 tokens