Inheritable Smart Contract Wallet

Description

The _getBeneficiaryIndex() function contains a critical vulnerability in how it handles non-existent beneficiary addresses. The function is designed to return the index of a beneficiary in the beneficiaries array, but it fails to properly handle cases where the address is not found.

The issue stems from the implicit initialization of the return variable _index to 0. When the function is called with an address that doesn't exist in the array, it completes the loop without finding a match, and therefore returns the default value of 0, which is indistinguishable from a successful lookup of the beneficiary at index 0.

Impact

This vulnerability has several significant consequences:

1. False Positives: The function incorrectly suggests that a non-existent beneficiary is located at index 0, leading to confusion and potential misuse.

2. Dependent Function Failures: Functions relying on _getBeneficiaryIndex() (such as removeBeneficiary()) will operate on the wrong array element when dealing with non-existent beneficiaries.

3. Silent Failures: The issue doesn't trigger any errors or reverts, making it difficult to detect when non-existent beneficiaries are being processed.

4. Critical Data Corruption: This can lead to unintended modification or deletion of the first beneficiary's data, potentially disrupting the entire inheritance structure.

5. Previously deleted beneficiary returns index 0 when _getBeneficiaryIndex is called with the beneficiary.

Recommendation

The function should be modified to explicitly handle the case when a beneficiary is not found:

Use a revert mechanism

Tools Used

• Manual Code Review

• Foundry test suite