Inheritable Smart Contract Wallet

Summary

The withdrawInheritedFunds function in the InheritanceManager contract lacks proper access control. While it checks if inheritance has been triggered via the isInherited flag, it does not verify that the caller is actually a beneficiary. This allows any external address to initiate fund distribution once the inheritance process has been activated.

Vulnerability Details

The vulnerable function is implemented as follows:

The function only checks for isInherited status but fails to verify that msg.sender is part of the beneficiaries array. This contrasts with other inheritance-related functions like buyOutEstateNFT and appointTrustee, which correctly use the onlyBeneficiaryWithIsInherited modifier to restrict access.

Impact

The impact of this vulnerability is high:

1. Unauthorized Fund Distribution: Any external actor can trigger the distribution of funds (ETH or ERC20 tokens) once inheritance is activated, potentially at a time that is disadvantageous to the beneficiaries.

2. Forced Execution: Malicious actors could force the execution of this function before beneficiaries have had time to prepare (e.g., setting up wallets or making other arrangements).

3. DOS Attack: A malicious actor could repeatedly call this function with different token addresses, causing unnecessary gas costs for beneficiaries and potentially disrupting legitimate withdrawal attempts.

4. Timing Manipulation: A front-runner could observe a beneficiary's attempt to call this function and execute it first, potentially manipulating the timing for their own benefit.

Tools Used

Manual code review.

Recommendations

1. Add appropriate access control by using the existing onlyBeneficiaryWithIsInherited modifier:

1. Alternatively, implement explicit beneficiary verification:

1. Consider adding a tracker to prevent multiple withdrawals of the same asset:

1. Add events to track withdrawals: