Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

No validation to prevent duplicate beneficiaries from being added.

vincent71399

Description: In InheritanceManager:addBeneficiery, there is no check for adding duplicate beneficiaries. the same beneficiary can be added multiple times.

Impact: This could lead to confusion and potential issues when distributing assets to beneficiaries. like buyOutEstateNFT and withdrawInheritedFunds
if the same beneficiary is added multiple times, if 2 times, when buying out the estate, the beneficiary only need to pay 1/2 of the total value.

Proof of Concept: Add the following test and run it

function test_addDuplicateBeneficiary() public {
vm.startPrank(owner);
im.addBeneficiery(beneficiary1);
im.addBeneficiery(beneficiary1);
im.createEstateNFT("my estate", 2e18, address(usdc));
vm.stopPrank();
vm.warp(im.getDeadline());
im.inherit();
usdc.mint(beneficiary1, 1e18);
vm.startPrank(beneficiary1);
usdc.approve(address(im), 1e18); // buyer only need to pay 1/2 of the total value
im.buyOutEstateNFT(1);
vm.stopPrank();
}

Recommended Mitigation:
should check if the beneficiary is already in the array before adding it. better use mapping instead of looping through the array.

mapping(address => bool) public isBeneficiary;
...
function addBeneficiery(address _beneficiary) external onlyOwner {
require(!isBeneficiary(_beneficiary), "Beneficiary already added");
beneficiaries.push(_beneficiary);
isBeneficiary(_beneficiary) = true;
_setDeadline();
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!