Severity: high
Valid

Improper Removal of Beneficiaries in removeBeneficiary

Summary

The removeBeneficiary function uses delete beneficiaries[indexToRemove] to remove a beneficiary. This sets the array element to address(0) without shrinking the array, which causes problems in loops that treat the zero address as a beneficiary.

Vulnerability Details

The removeBeneficiary function removes a beneficiary by setting the array element to address(0).

The delete operation sets beneficiaries[indexToRemove] to address(0) but does not reduce the array length.

Functions like withdrawInheritedFunds and buyOutEstateNFT iterate over the beneficiaries array and attempt to send funds to each address, including address(0) if present.

Sending ETH or ERC20 tokens to address(0) can succeed but effectively burns the funds, as address(0) cannot claim them.

Impact

Funds intended for distribution may be sent to address(0), effectively burning them and causing a loss of assets.

Tools Used

Manual code review.

Recommendations

Properly Remove Elements by Shifting and Reducing Array Length
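
The recommendation above, as an added Solidity example that is not the audited contract's code. It is a minimal stand-in: the contract name, the addBeneficiary and _indexOf helpers, and the omitted access control are assumptions. It places the delete-based removal next to a shift-and-pop removal that keeps order and shrinks the array.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; a minimal stand-in, not the audited contract.
contract BeneficiaryListExample {
    address[] public beneficiaries;

    error NotABeneficiary(address account);

    // Access control omitted for brevity (assumption: the real function is owner-only).
    function addBeneficiary(address account) external {
        require(account != address(0), "zero address");
        beneficiaries.push(account);
    }

    /// Pattern described in the finding: the slot becomes address(0)
    /// and beneficiaries.length is unchanged, so payout loops still visit it.
    function removeBeneficiaryWithDelete(address account) external {
        uint256 indexToRemove = _indexOf(account);
        delete beneficiaries[indexToRemove];
    }

    /// Recommended pattern: shift later entries left by one, then pop,
    /// so order is preserved and the length shrinks by one.
    function removeBeneficiary(address account) external {
        uint256 indexToRemove = _indexOf(account);
        uint256 last = beneficiaries.length - 1;
        for (uint256 i = indexToRemove; i < last; i++) {
            beneficiaries[i] = beneficiaries[i + 1];
        }
        beneficiaries.pop();
    }

    function beneficiaryCount() external view returns (uint256) {
        return beneficiaries.length;
    }

    /// Reverts for unknown addresses instead of silently returning index 0.
    function _indexOf(address account) internal view returns (uint256) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == account) return i;
        }
        revert NotABeneficiary(account);
    }
}
```

With three beneficiaries, removeBeneficiaryWithDelete leaves beneficiaryCount() at 3 with one address(0) entry, so an equal split still divides by 3; removeBeneficiary leaves it at 2 with no zero entry.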

Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be sent to 0 address
