Inheritable Smart Contract Wallet

Summary

The withdrawInheritedFunds function lacks the onlyBeneficiaryWithIsInherited modifier that other inheritance-related functions have. This allows any address to trigger fund distribution once inheritance is active, not just the beneficiaries.

Vulnerability Details

The current implementation:

Other inheritance-related functions properly use the modifier:

• buyOutEstateNFT: external onlyBeneficiaryWithIsInherited

• appointTrustee: external onlyBeneficiaryWithIsInherited

The issue:

1. Any external address can call withdrawInheritedFunds once isInherited is true

2. This bypasses the intended access control where only beneficiaries should trigger distribution

3. Could lead to premature or unwanted distribution of funds

Impact

LOW

• Disrupts intended access control

• Allows non-beneficiaries to trigger fund distribution

• Doesn't directly risk funds (distribution still goes to correct beneficiaries)

• Violates principle of beneficiary control over inheritance process

Likelihood: Medium

• Can be triggered by any external address

• Requires inheritance to be active

• No complex exploitation steps

Exploit Scenario:

1. Owner sets up inheritance with multiple beneficiaries

2. Owner becomes inactive for 90+ days

3. A beneficiary calls inherit() to activate inheritance

4. Before beneficiaries can coordinate their actions, a malicious third party calls withdrawInheritedFunds

5. Funds are distributed prematurely, potentially disrupting beneficiaries' plans

6. Beneficiaries lose control over the timing of distribution

Tools Used

• Manual review

• Code inspection

• Foundry tests

Recommendations

Add the onlyBeneficiaryWithIsInherited modifier to the function:

This change would:

• Ensure only beneficiaries can trigger fund distribution

• Maintain consistent access control across inheritance functions

• Preserve beneficiaries' control over the inheritance process

• Align with the contract's intended security model