The _getBeneficiaryIndex function in the InheritanceManager contract fails to handle the case where a beneficiary does not exist in the beneficiaries array. If the beneficiary is not found, it implicitly returns 0 due to Solidity’s default behavior for uninitialized variables, which can lead to the incorrect removal of the beneficiary at index 0 in the removeBeneficiary function.
If the _beneficiary address is not found in the beneficiaries array, the loop completes without assigning a value to _index. In Solidity, uninitialized local variables default to 0. As a result, the function returns 0 even when the beneficiary does not exist.
This function is called by removeBeneficiary:
When _getBeneficiaryIndex returns 0 for a non-existent beneficiary, delete beneficiaries[0] removes the first beneficiary in the array, regardless of whether it matches the intended _beneficiary.
If the owner attempts to remove a non-existent beneficiary, the contract will mistakenly delete the beneficiary at index 0. This could lead to unintended loss of inheritance rights for a legitimate beneficiary.
Manual code review
Modify _getBeneficiaryIndex to explicitly check if the beneficiary exists and revert if it does not, preventing unintended behavior in removeBeneficiary.
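The lookup pattern described in this finding next to a reverting version, as an added example that is not the InheritanceManager source. The contract name, the `Unchecked` function names and the `BeneficiaryNotFound` error are hypothetical, and access control is left out to keep the focus on the index lookup.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only beneficiaries, _getBeneficiaryIndex and
// removeBeneficiary are names taken from the finding; the rest is assumed.
contract BeneficiaryIndexExample {
    address[] public beneficiaries;

    error BeneficiaryNotFound(address beneficiary);

    constructor(address[] memory initial) {
        beneficiaries = initial;
    }

    // Pattern from the finding: the named return value starts at 0 and is
    // never assigned when no element matches, so "not found" looks like index 0.
    function _getBeneficiaryIndexUnchecked(address _beneficiary) internal view returns (uint256 _index) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == _beneficiary) {
                _index = i;
                break;
            }
        }
    }

    // Recommended behavior: return only on a match, revert otherwise.
    function _getBeneficiaryIndex(address _beneficiary) internal view returns (uint256) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == _beneficiary) {
                return i;
            }
        }
        revert BeneficiaryNotFound(_beneficiary);
    }

    // Clears slot 0 when _beneficiary is absent from the array.
    function removeBeneficiaryUnchecked(address _beneficiary) external {
        delete beneficiaries[_getBeneficiaryIndexUnchecked(_beneficiary)];
    }

    // Reverts before any state change when _beneficiary is absent.
    function removeBeneficiary(address _beneficiary) external {
        delete beneficiaries[_getBeneficiaryIndex(_beneficiary)];
    }
}
```

A regression test for the fix should call `removeBeneficiary` with an address that was never added and assert both the revert and that `beneficiaries(0)` is unchanged.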