Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Insecure Beneficiary Removal Leaving Zero Address

ekene

Summary:
The InheritanceManager::removeBeneficiary function does not fully delete a beneficiary; it only replaces the entry with a zero address, which can still be interpreted as a valid beneficiary.

Vulnerability Details:
Using the delete keyword only resets the value to the zero address rather than removing the element from the array.

Test & Code Example
function test__removeBeneficiary_only_replaces_address_with_zero_address() public inheritanceSetUp {
vm.startPrank(address(this));
uint user3Index = im._getBeneficiaryIndex(user3);
im.removeBeneficiary(user3);
console.log('here is the index ', user3Index);
assertEq(user3Index, im._getBeneficiaryIndex(address(0)));
vm.stopPrank();
}

Impact:
High – Leaving a zero address in the array could affect inheritance distributions and contract logic.

Tools Used:
slither, aderyn, foundry

Recommendations:
Replace the beneficiary to be removed with the last element in the array and then call .pop() to delete the last entry.

Diff Recommendation
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
- delete beneficiaries[indexToRemove];
+ beneficiaries[indexToRemove] = beneficiaries[beneficiaries.length - 1];
+ beneficiaries.pop();
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be send to 0 address

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!