Submission Details
Severity: high
Invalid

Division by Zero

Summary

The withdrawInheritedFunds and buyOutEstateNFT functions in the InheritanceManager contract contain a critical flaw where division by zero can occur if the beneficiaries array is empty. This issue can cause transaction reverts and prevent fund distribution.

Vulnerability Details

The contract assumes that beneficiaries.length is always greater than zero when performing fund distribution. However, if no beneficiaries have been added or all have been removed, the divisor in asset calculations becomes zero, leading to a division-by-zero error.

Impact

  • Any attempt to withdraw inherited funds or buy out an estate NFT when there are no beneficiaries will revert, making the contract unusable.

  • This could lead to locked funds if the owner is inactive and no valid beneficiaries exist to inherit assets.

Tools Used

  1. Manual Code Review

Recommendations

  1. Add a check at the beginning of withdrawInheritedFunds and buyOutEstateNFT to ensure there is at least one valid beneficiary before performing any division.

  2. Graceful Handling: Instead of reverting abruptly, return an error message indicating no valid beneficiaries exist.

  3. Require Minimum Beneficiaries: Enforce a requirement that at least one beneficiary must always exist before certain inheritance functions can execute.
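
The guard from recommendation 1, as an added sketch that is not the InheritanceManager source: every name except `beneficiaries` is an assumption made for this example. In Solidity 0.8 and later, an unguarded division by an empty array's length reverts with `Panic(0x12)`; the guarded path reverts with a named custom error instead, which callers and monitoring can tell apart.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only, not the audited contract.
contract EqualSplitSketch {
    address[] public beneficiaries;   // name taken from the report
    address public immutable owner;   // hypothetical

    error NoBeneficiaries();
    error NotOwner();
    error TransferFailed(address to);

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {}

    function addBeneficiary(address b) external {
        if (msg.sender != owner) revert NotOwner();
        beneficiaries.push(b);
    }

    /// Unguarded: with an empty array the division reverts with Panic(0x12),
    /// which carries no information about why the call failed.
    function shareUnguarded() public view returns (uint256) {
        return address(this).balance / beneficiaries.length;
    }

    /// Guarded: the empty-array case is checked before any division.
    function shareGuarded() public view returns (uint256) {
        uint256 n = beneficiaries.length;
        if (n == 0) revert NoBeneficiaries();
        return address(this).balance / n;
    }

    /// Equal split using the same guard; the divisor is read once and reused.
    function distribute() external {
        if (msg.sender != owner) revert NotOwner();
        uint256 n = beneficiaries.length;
        if (n == 0) revert NoBeneficiaries();
        uint256 amount = address(this).balance / n;
        for (uint256 i = 0; i < n; i++) {
            (bool ok, ) = beneficiaries[i].call{value: amount}("");
            if (!ok) revert TransferFailed(beneficiaries[i]);
        }
    }
}
```

Both paths revert when the array is empty; the guard changes which error surfaces, not whether funds move.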

Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
