Missing receive() and fallback() Functions in InheritanceManager
Summary
The InheritanceManager contract lacks both receive() and fallback() functions, preventing direct ETH transfers to the contract. This limitation creates a critical inconsistency with the contract's functionality, as several methods assume the contract can hold and distribute ETH.
Vulnerability Details
The InheritanceManager contract includes functions that explicitly handle ETH stored within the contract:
sendETH()- Sends ETH from the contract to a specified addresswithdrawInheritedFunds(address(0))- Distributes ETH equally to beneficiaries
Impact
When attempting to send ETH directly to the contract (e.g., via address(inheritanceManager).transfer(amount) or payable(address(inheritanceManager)).call{value: amount}("")), the transaction will revert.
The only viable way to add ETH to the contract is through the contractInteractions() function with a _value parameter, which is unnecessarily complicated for basic ETH deposits.
Functionality Failure: The contract cannot fulfill its core purpose of distributing ETH to beneficiaries if it cannot receive ETH in the first place.
Inconsistent UX: Users expect to be able to fund the contract directly, as implied by the existence of
sendETH()andwithdrawInheritedFunds(address(0)).Contract Integration Issues: Other contracts or applications that attempt to send ETH to this contract will fail.
Tools Used
In major audit frameworks:
Consensys Diligence: Would classify this as "High" as it's a "flaw that directly impacts a core function"
Trail of Bits: Would categorize as "High" as it "prevents the contract from functioning as intended"
Recommendations
add the missing functions
Lead Judging Commences
Missing receive() or fallback() function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.