Submission Details
Severity: high
Valid

Owner is unable to send ETH to the InheritanceManager.sol contract

Summary

  • The InheritanceManager.sol contract fails to accept incoming ETH transfers due to the absence of "receive()" and "fallback()" functions. This results in the contract rejecting any direct ETH transfers. This is a significant issue in the context of the contract's intended functionality, which involves managing assets, including ETH, for inheritance purposes.

Vulnerability Details

  • The contract was designed to manage and distribute assets, including ETH, after a timelock period. However, without the "receive()" and "fallback()" functions, the contract cannot accept ETH directly, causing any ETH sent to it to revert. This prevents the contract from performing its intended function of holding and managing ETH balances for the owner and beneficiaries.

Impact

  • Funds may be lost: If users or automated systems attempt to send ETH to the contract, the transaction will fail, potentially resulting in lost funds if they are unaware of this limitation.

  • Contract functionality disruption: The contract is designed to manage assets like ETH, but without the ability to receive ETH, beneficiaries and the owner are unable to properly interact with the contract.

  • User confusion: Users may unknowingly attempt to send ETH, causing confusion when the transaction fails without a clear reason.

Tools Used

  • Manual code review: I have identified the lack of "receive()" and "fallback()" functions.

  • Foundry: I used Foundry to test the contract and confirm the absence of ETH acceptance functionality. I was able to confirm that WITHOUT the receive and fallback functions, an owner is unable to send ETH to the contract. Once I added the functions, it worked as intended.

Recommendations

  • Add a "receive()" function to enable the contract to accept direct ETH transfers. This can be added in the "wallet functionality" section of "InheritanceManager.sol".

  • Implement a "fallback()" function to catch and accept ETH sent to non-existent functions. This can also be added in the "wallet functionality" section of "InheritanceManager.sol".

  • Consider adding checks or more detailed error messages to guide users about the functionality of the contract in relation to ETH transfers.

  • Here is the exact code that can be added:

    /**
     * @dev Function to allow the contract to receive ETH directly.
     */
    receive() external payable {}

    /**
     * @dev Fallback function to catch invalid calls & still accept ETH.
     */
    fallback() external payable {}
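
An added Foundry test (not part of the original submission or the audited code base) that reproduces the behaviour described above on three hypothetical stand-in contracts, and also shows what the recommended payable "fallback()" changes: calls with an unknown selector and attached ETH stop reverting. The contract names, the pragma and the forge-std import path are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // assumed compiler version

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-ins, not InheritanceManager.sol itself.
contract NoReceive {}
contract ReceiveOnly { receive() external payable {} }
contract ReceiveAndFallback {
    receive() external payable {}
    fallback() external payable {}
}

contract EthAcceptanceTest is Test {
    address internal owner;

    function setUp() public {
        owner = makeAddr("owner");
        vm.deal(owner, 3 ether);
    }

    // Sends 1 ether from `owner` with the given calldata; returns the call status.
    function _send(address to, bytes memory data) internal returns (bool ok) {
        vm.prank(owner);
        (ok, ) = to.call{value: 1 ether}(data);
    }

    function test_NoReceive_RejectsPlainTransfer() public {
        NoReceive c = new NoReceive();
        assertFalse(_send(address(c), ""));   // empty calldata, no receive(): reverts
        assertEq(address(c).balance, 0);
        assertEq(owner.balance, 3 ether);     // the reverted call moved no ETH
    }

    function test_ReceiveOnly_AcceptsPlainTransferOnly() public {
        ReceiveOnly c = new ReceiveOnly();
        assertTrue(_send(address(c), ""));    // handled by receive()
        // Non-empty calldata with no matching function and no fallback(): reverts.
        assertFalse(_send(address(c), abi.encodeWithSignature("doesNotExist()")));
        assertEq(address(c).balance, 1 ether);
    }

    function test_PayableFallback_AcceptsUnknownCalls() public {
        ReceiveAndFallback c = new ReceiveAndFallback();
        // A mistyped or unsupported call with value now succeeds silently.
        assertTrue(_send(address(c), abi.encodeWithSignature("doesNotExist()")));
        assertEq(address(c).balance, 1 ether);
    }
}
```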

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing receive() or fallback() function
