Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

beneficier with address 0x0 can be added

mishoko

Summary:
there is no point of being able to add 0x0 address as a beneficiery

Vulnerability Details

function test_addBeneficiaryMultipleTimes() public {

vm.deal(address(im), 10e18);

vm.startPrank(owner);

im.addBeneficiery(address(0x0));

vm.warp(block.timestamp + 92 days);

im.inherit();

im.withdrawInheritedFunds(address(0));

vm.stopPrank();

console.log("get user1:", im._getBeneficiaryIndex(user1));

console.log("balance 0x0", address(0x0).balance);

}

Impact

potential permanent loss of fund. address 0x0 can be added as a test and then owner can forget about it. there is no easy way to check existing benficieries which does nto help.

Tools Used

Recommendations

there should be a check in addBeneficiery` function for 0x0

Updates

Lead Judging Commences

0xtimefliez Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.