The removeBeneficiary function in the InheritanceManager contract leaves gaps in the beneficiaries array without reducing the array length, causing funds to be sent to zero addresses.
The removeBeneficiary function uses the delete keyword to remove a beneficiary from the array. This leaves a gap in the array at the removed index, which can cause issues when iterating over the beneficiaries array. Specifically, when distributing funds, the contract may send funds to the zero address, resulting in lost funds.
Using delete creates gaps:
Withdrawals send funds to address(0) when iterating over the original-length array.
This affects the removeBeneficiary function, which is used to remove beneficiaries from the contract. When funds are distributed, the contract may send funds to the zero address, resulting in lost funds.
The likelihood of this vulnerability being encountered is high because it affects the removeBeneficiary function, which is used to remove beneficiaries and its. Any time a beneficiary is removed, the contract may leave a gap in the array, causing issues when distributing funds.
To fix this issue, the removeBeneficiary function should use a "swap and pop" approach to maintain a dense array:
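The following sketch is an added example, not code from the InheritanceManager contract. It places the delete-based removal next to a swap-and-pop version. Only `beneficiaries` and `removeBeneficiary` are names from the finding; the contract name, `addBeneficiary`, `removeWithDelete` and `gapCount` are hypothetical, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch: only `beneficiaries` and `removeBeneficiary` are names
// from the finding; everything else is assumed, and access control is omitted.
contract BeneficiaryRemovalExample {
    address[] public beneficiaries;

    function addBeneficiary(address who) external {
        require(who != address(0), "zero address");
        beneficiaries.push(who);
    }

    // Pattern described in the finding: `delete` zeroes the slot but the
    // array length is unchanged, so a later loop still visits address(0).
    function removeWithDelete(address who) external {
        uint256 n = beneficiaries.length;
        for (uint256 i = 0; i < n; i++) {
            if (beneficiaries[i] == who) {
                delete beneficiaries[i];
                return;
            }
        }
        revert("not a beneficiary");
    }

    // Swap and pop: overwrite the removed slot with the last element, then
    // shrink the array. Order is not preserved; the array stays dense.
    function removeBeneficiary(address who) external {
        uint256 n = beneficiaries.length;
        for (uint256 i = 0; i < n; i++) {
            if (beneficiaries[i] == who) {
                beneficiaries[i] = beneficiaries[n - 1];
                beneficiaries.pop();
                return;
            }
        }
        revert("not a beneficiary");
    }

    // Number of zero-address slots a payout loop would hit.
    function gapCount() external view returns (uint256 gaps) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == address(0)) gaps++;
        }
    }
}
```

With three beneficiaries, removing the middle one through `removeWithDelete` leaves a length of 3 and a `gapCount()` of 1, while `removeBeneficiary` leaves a length of 2 and no gaps.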