Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Use `EnumerableSet` instead of array.

gunboats

Summary

Use EnumerableSet instead for storing benefitancies to fix multiple problem.

Vulnerability Details

removeBenefitancy is wrong if you called with address not in the benefitancies, as it will set the first address into address zero and not removing address.
Address inbenefitancies can be duplicated.
A address in later index of benefitancies will have a higher gas cost from interacting with the contract.

Impact

A first benefitancy will lose access to fund and split calculation will be wrong. Gas can be problematic with high amount of benefitancies.

Tools Used

Foundry

Recommendations

Use OpenZeppelin's EnumerableSet instead of having a benefitancies array. As it has O(1) for read for onlyBeneficiaryWithIsInherited and a function for add and remove benefitancies correctly

import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol"

contract InheritanceManager {

using EnumerableSet for EnumerableSet.AddressSet;

EnumerableSet.AddressSet benefitancies;

.....

modifier onlyBeneficiaryWithIsInherited() {

if(!benefitancies.contains(msg.sender) && isInherited) {

revert();

}

function addBeneficiery(address _beneficiary) external onlyOwner {

require(_beneficiary != address(0));

beneficiaries.add(_beneficiary);

_setDeadline();

}

function removeBeneficiary(address _beneficiary) external onlyOwner {

require(benefitancies.remove(_beneficiary));

}

// view function

function beneficiariesLength() external view returns (uint256) {

return benficiaries.length();

}

function beneficiaries() external view returns (address[]) {

return benficiaries.values();

}

function beneficiariesByIndex(uint256 _index) external view returns (address) {

return benficiaries.at(_index);

}

function IsBeneficiaries(address _candidate) external view returns (bool) {

return beneficiaries.contains(_candidate);

}

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.