Severity: high
Valid

Security Vulnerabilities 2

Summary

Logical & Functional Issues

Vulnerability Details

Incorrect Beneficiary Removal Logic

Impact

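The function removeBeneficiary() uses delete on an array entry but does not shift the remaining elements. In Solidity, delete on an array element only resets that slot to its default value (address(0) for an address) and leaves the array length unchanged, so a gap remains in beneficiaries and can cause unexpected behavior.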

Tools Used

    /**
     * @dev removes entries from beneficiaries in case inheritance gets revoked or
     * an address needs to be replaced (lost keys e.g.)
     * @param _beneficiary address to be removed from the array beneficiaries
     */
    function removeBeneficiary(address _beneficiary) external onlyOwner {
        uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
        delete beneficiaries[indexToRemove];
    }

Recommendations

Fix removeBeneficiary() so that removal leaves no gap in the array. The version below moves the last element into the removed slot and pops the array, which keeps the array contiguous but does not preserve element order:

    function removeBeneficiary(address _beneficiary) external onlyOwner {
        uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
        require(indexToRemove < beneficiaries.length, "Invalid beneficiary");
        // Move the last element into the removed slot
        beneficiaries[indexToRemove] = beneficiaries[beneficiaries.length - 1];
        beneficiaries.pop();
    }

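The two removal patterns side by side, as an added example that is not code from the audited contract. The contract name, _indexOf, removeWithDelete, removeWithSwapAndPop and the equal-split payout rule in amountToZeroAddress are assumptions made for illustration; only the beneficiaries array and the two removal bodies mirror the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; not the audited contract.
/// Every name except `beneficiaries` is hypothetical.
contract BeneficiaryRemovalDemo {
    address[] public beneficiaries;

    constructor(address[] memory initial) {
        beneficiaries = initial;
    }

    // Hypothetical stand-in for the index lookup; reverts on unknown addresses.
    function _indexOf(address who) internal view returns (uint256) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == who) return i;
        }
        revert("Invalid beneficiary");
    }

    // Pattern from the finding: the slot becomes address(0), length is unchanged.
    function removeWithDelete(address who) external {
        delete beneficiaries[_indexOf(who)];
    }

    // Recommended pattern: swap-and-pop keeps the array contiguous
    // (element order is not preserved).
    function removeWithSwapAndPop(address who) external {
        uint256 i = _indexOf(who);
        beneficiaries[i] = beneficiaries[beneficiaries.length - 1];
        beneficiaries.pop();
    }

    // Assumed payout rule: `total` is split equally over beneficiaries.length.
    // Returns the portion that would be assigned to address(0) slots.
    function amountToZeroAddress(uint256 total) external view returns (uint256 lost) {
        uint256 n = beneficiaries.length;
        if (n == 0) return 0;
        uint256 share = total / n;
        for (uint256 i = 0; i < n; i++) {
            if (beneficiaries[i] == address(0)) lost += share;
        }
    }
}
```

Deployed with three addresses, removeWithDelete on one of them leaves the length at 3 and amountToZeroAddress(300) returns 100; after removeWithSwapAndPop instead, the length is 2 and it returns 0.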
Updates

Lead Judging Commences

0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be sent to 0 address
