Severity: high
Valid

Improper beneficiary deletion in removeBeneficiary

Vulnerability Details

Using the `delete` keyword on an array element does not remove the element at the given index; it only resets the value at that index to 0, and the array length stays the same.

Impact

Beneficiaries will receive less than their share when withdrawInheritedFunds is called, because the amount each beneficiary gets depends on the length of the beneficiaries array, and that length does not decrease when removeBeneficiary is called.

Tools Used

Manual Review

Recommendations

Replace the old removeBeneficiary with this new one:

function removeBeneficiary(address _beneficiary) external onlyOwner {
    uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
    // Overwrite the removed entry with the last element...
    beneficiaries[indexToRemove] = beneficiaries[beneficiaries.length - 1];
    // ...then drop the last slot so beneficiaries.length actually shrinks.
    beneficiaries.pop();
}

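
The difference between the two removal styles, as an added example that is not part of the original submission or the audited contract. Only `beneficiaries` comes from the page; the contract name, function names and sample addresses are hypothetical, the equal split by array length is modelled from the Impact section, and the index is passed in directly because the page does not show `_getBeneficiaryIndex`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; every name except `beneficiaries` is hypothetical.
contract BeneficiaryRemovalDemo {
    address[] public beneficiaries;

    constructor() {
        // Constructed sample addresses.
        beneficiaries.push(address(0xA1));
        beneficiaries.push(address(0xB2));
        beneficiaries.push(address(0xC3));
    }

    // Behaviour the finding describes: the slot becomes address(0)
    // and beneficiaries.length stays at 3.
    function removeWithDelete(uint256 index) external {
        delete beneficiaries[index];
    }

    // Swap-and-pop: the last entry moves into the freed slot and the
    // array shrinks by one. Order of the remaining entries is not preserved.
    function removeWithSwapAndPop(uint256 index) external {
        require(index < beneficiaries.length, "index out of range");
        beneficiaries[index] = beneficiaries[beneficiaries.length - 1];
        beneficiaries.pop();
    }

    // Equal split by array length (assumed payout model). With total = 9 ether:
    // after removeWithDelete(1) the divisor is still 3, so each slot gets 3 ether
    // and one of those slots is address(0); after removeWithSwapAndPop(1) the
    // divisor is 2, so each remaining beneficiary gets 4.5 ether.
    function sharePerBeneficiary(uint256 total) external view returns (uint256) {
        return total / beneficiaries.length;
    }

    // Counts slots that an equal-split payout loop would send to address(0).
    function zeroSlots() external view returns (uint256 count) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == address(0)) count++;
        }
    }
}
```

A regression test for the fix can assert that `beneficiaries.length` decreases by one after removal and that `zeroSlots()` returns 0.
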
Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be sent to 0 address
