Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

The contract allows adding address(0) as a beneficiary, which can lead to fund loss and contract control issues.

alekseyts

Summary

A critical vulnerability has been identified in the InheritanceManager contract's beneficiary management system. The contract allows adding address(0) as a beneficiary, which can lead to fund loss and contract control issues.

Vulnerability Details

The vulnerability exists in the beneficiary management system:

Missing Zero Address Validation:

The addBeneficiery function lacks validation for address(0)
Allows adding the zero address as a valid beneficiary
Funds sent to address(0) are permanently lost
Can affect contract ownership transfer mechanisms

Test Demonstration Shows:

Owner can add address(0) as a beneficiary
When inheritance is triggered, funds are split with address(0)
Half of the contract's funds are permanently lost
Potential loss of contract control if address(0) is in slot 0

From the test:

//SPDX-License-Identifier: MIT

pragma solidity 0.8.26;

import {Test, console} from "forge-std/Test.sol";

import {InheritanceManager} from "../src/InheritanceManager.sol";

import {ERC20Mock} from "@openzeppelin/contracts/mocks/token/ERC20Mock.sol";

contract InheritanceManagerAuditTest is Test {

InheritanceManager im;

ERC20Mock usdc;

ERC20Mock weth;

address owner = makeAddr("owner");

address user1 = makeAddr("user1");

function setUp() public {

vm.prank(owner);

im = new InheritanceManager();

usdc = new ERC20Mock();

weth = new ERC20Mock();

}

// test add beneficiary: missing check for addresss. if address is 0x0 we cannot distribute all funds to all beneficieries or we will burn the money or we will lose control/ownership of the contract. example: 0x01, 0x02, 0x0, 0x03 | 0x0, 0x01, 0x02

// test: inherit: dealine does not reset in: else if (beneficiaries.length > 1)

// same test could be used as proof that after call of 'inherit' immediatly call 'withdrawInheritedFunds'

// fix: add address check >> require(address != address(0))

function test_addBeneficiary_missingAddressCheckk() public {

// based on inherit:

// 1. the owner lost his keys and wants to reclaim this contract from beneficiaries slot0

// and if it is work as expected and owner pass address(0) it will lose ownership

vm.startPrank(owner);

im.addBeneficiery(address(0));

im.addBeneficiery(user1);

vm.stopPrank();

uint256 amount = 10e10;

// contract could be funded on deploy or via self destruct by another contract

vm.deal(address(im), amount);

assertEq(0, address(user1).balance);

assertEq(0, address(0).balance);

vm.warp(1 + 90 days);

vm.startPrank(owner);

im.inherit();

im.withdrawInheritedFunds(address(0));

vm.stopPrank();

assertEq(amount / 2, address(user1).balance);

assertEq(amount / 2, address(0).balance);

}

The test proves this by:

Adding address(0) and a valid beneficiary
Funding the contract with 10e10 wei
Triggering inheritance mechanism
Demonstrating that:
- Half of funds are sent to address(0) (permanently lost)
- Half of funds are sent to the valid beneficiary
- No way to recover funds sent to address(0)

Impact

Critical severity. The vulnerability allows:

Permanent loss of funds through transfers to address(0)
Potential loss of contract control
Disruption of inheritance mechanism
Unrecoverable state if address(0) is used in critical positions

Tools Used

Manual code review
Foundry test framework
Custom test cases demonstrating fund loss
State transition analysis

Recommendations

Add zero address validation:

contract InheritanceManager {

function addBeneficiery(address _beneficiary) external {

require(_beneficiary != address(0), "Cannot add zero address as beneficiary");

// Continue with existing logic...

}

Add safety checks for beneficiary management:

Validate all address inputs
Add checks for critical beneficiary positions
Implement recovery mechanisms

Enhance inheritance mechanism:

Skip zero addresses in fund distribution
Add validation for ownership transfer targets
Implement proper deadline reset in all conditions

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!