Inheritable Smart Contract Wallet

Summary

The buyOutEstateNFT function in the InheritanceManager contract contains a precision loss vulnerability due to performing division before multiplication when calculating the final payment amount.

Vulnerability Details

In the buyOutEstateNFT function, the code calculates the payment amount with this formula:

This calculation divides the NFT value by the number of beneficiaries first (potentially losing precision due to integer division), and then multiplies by another value. This sequence leads to unnecessary precision loss.

For example, if:

• value = 100

• divisor (beneficiaries.length) = 3

• multiplier (beneficiaries.length - 1) = 2

The calculation would be:

• 100 / 3 = 33 (truncated)

• 33 * 2 = 66

But the mathematically correct result should be:

• (100 * 2) / 3 = 66.66... ≈ 66

In this simple case the difference is minimal, but with larger values or smaller fractions, the precision loss could be significant.

Impact

This precision loss leads to financial discrepancies where beneficiaries receive less value than they should. While individual transactions might have minimal impact, over time or with large values, this can cause:

1. Material financial loss for beneficiaries

2. Incorrect distribution of estate assets

3. Undermined trust in the contract's fairness

The severity is medium because it consistently causes financial loss but doesn't lead to catastrophic contract failure.

Tools Used

Manual code review

Recommendations

Modify the calculation to perform multiplication before division:

This change ensures maximum precision is maintained during the calculation while producing the mathematically correct result.