Severity: low
Invalid

`InheritanceManager:_getBeneficiaryIndex` returns 0 when the caller is not a beneficiary, the same value it returns for the beneficiary at index 0

Description:
When the beneficiary at index 0 calls `InheritanceManager:_getBeneficiaryIndex`, it returns 0.
When a non-beneficiary calls `InheritanceManager:_getBeneficiaryIndex`, it also returns 0.

Impact:
This could mislead a non-beneficiary into mistakenly believing they are a beneficiary.

Proof of Concept:
Add the following test to InheritanceManager.t.sol and run it.

```solidity
address beneficiary1 = makeAddr("beneficiary1");
address otherUser = makeAddr("otherUser");
...
function test_getBeneficiaryIndexNonBeneficiary() public {
    vm.prank(owner);
    im.addBeneficiery(beneficiary1);
    // beneficiary stored at index 0
    assertEq(0, im._getBeneficiaryIndex(beneficiary1));
    // non-beneficiary: the same value comes back
    assertEq(0, im._getBeneficiaryIndex(otherUser));
}
```
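
An added sketch, not code from the contest repository or from this submission, of how a linear search whose return variable defaults to 0 produces the result above, next to a lookup that reports membership separately. The contract and every name in it are hypothetical; the real `InheritanceManager` source is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal model; not the InheritanceManager contract itself.
contract BeneficiaryIndexSketch {
    address[] public beneficiaries;

    error NotBeneficiary(address who);

    function add(address who) external {
        beneficiaries.push(who);
    }

    // Ambiguous form: `index` keeps its default value 0 when nothing matches,
    // so "not found" and "found at slot 0" are indistinguishable to the caller.
    function ambiguousIndex(address who) public view returns (uint256 index) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == who) {
                index = i;
                break;
            }
        }
    }

    // Unambiguous form: membership is reported separately from the position.
    function findIndex(address who) public view returns (bool found, uint256 index) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == who) {
                return (true, i);
            }
        }
        return (false, 0);
    }

    // Strict form for callers that must not proceed on a miss.
    function indexOrRevert(address who) external view returns (uint256) {
        (bool found, uint256 index) = findIndex(who);
        if (!found) revert NotBeneficiary(who);
        return index;
    }
}
```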

Recommended Mitigation:
Consider using a `mapping(address => bool)` in place of the array to check whether an address is a beneficiary.

+ mapping(address => bool) public isBeneficiary;
...
modifier onlyBeneficiaryWithIsInherited() {
require(isBeneficiary(msg.sender), "Not a beneficiary");
require(isInherited, "Not yet inherited");
_;
}
function addBeneficiery(address _beneficiary) external onlyOwner {
...
+ isBeneficiary(_beneficiary) = true;
_setDeadline();
}
function removeBeneficiary(address _beneficiary) external onlyOwner {
...
+ isBeneficiary(_beneficiary) = false;
_setDeadline();
}
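
Review bot: `isBeneficiary` is declared as a mapping on the first added line but is read and written with call syntax (`isBeneficiary(msg.sender)`, `isBeneficiary(_beneficiary) = true;`, `isBeneficiary(_beneficiary) = false;`), which will not compile; mapping access uses square brackets, for example `isBeneficiary[_beneficiary] = true;`. The `require` in `onlyBeneficiaryWithIsInherited` depends on the new mapping yet carries no `+` marker, so mark it as changed. The diff also leaves `_getBeneficiaryIndex` itself untouched, so any remaining caller of it still receives 0 for an address that is not in the list.
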
Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
