Submission Details
Severity: high
Valid

Reentrancy Risk in withdrawInheritedFunds function due to missing nonReentrant modifier

Summary

The withdrawInheritedFunds function has no reentrancy guard. A malicious beneficiary that is a contract can re-enter the function from its receive/fallback hook while the ETH transfer is in progress, and the function's payout loop can be run again before the legitimate beneficiaries receive their share, depleting the contract's funds.

Vulnerability Details

In the withdrawInheritedFunds function there is no reentrancy guard:

function withdrawInheritedFunds(address _asset) external { // no nonReentrant modifier here
    if (!isInherited) {
        revert NotYetInherited();
    }
    ....
}

The function sends ETH with a low-level call, which hands execution to the recipient. If the recipient is a contract, its receive or fallback function runs before the payout loop continues and can call back into withdrawInheritedFunds.

A malicious beneficiary contract can therefore re-enter withdrawInheritedFunds each time it receives ETH, running the payout loop again and draining the contract's balance before the outer loop reaches the remaining beneficiaries.

Impact

A single malicious beneficiary can withdraw all ETH before others receive their share.

Tools Used

Manual Review

Recommendations

Apply the nonReentrant modifier to withdrawInheritedFunds. The modifier already exists in the contract but is never used on this function. Also verify that the modifier itself locks and unlocks correctly (the same variable must be checked and written), otherwise applying it gives no protection.
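The following is an added illustration of the recommendation and of the re-entry path described in the Vulnerability Details; it is not the audited contract's code. Contract and variable names (GuardedInheritance, ReentryProbe, _locked, markInherited) are assumptions, the function is simplified to ETH only (the _asset parameter is dropped), and the storage layout is invented for the example. It shows a nonReentrant guard whose check and write use the same variable, applied to a beneficiary payout loop, together with a probe beneficiary that attempts to re-enter from receive() and records whether the nested call was rejected.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this finding; not the audited contract. Contract and
// variable names (GuardedInheritance, ReentryProbe, _locked) are assumptions.

contract GuardedInheritance {
    address[] public beneficiaries;
    bool public isInherited;

    error NotYetInherited();
    error TransferFailed();
    error Reentrancy();

    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private _locked = NOT_ENTERED;

    // The check and the write target the same variable. A guard whose check
    // reads one slot while its write sets another never actually locks, so
    // every nested call would pass the check.
    modifier nonReentrant() {
        if (_locked == ENTERED) revert Reentrancy();
        _locked = ENTERED;
        _;
        _locked = NOT_ENTERED;
    }

    constructor(address[] memory _beneficiaries) payable {
        beneficiaries = _beneficiaries;
    }

    // Stand-in for whatever flips the wallet into the inherited state.
    function markInherited() external {
        isInherited = true;
    }

    // The per-beneficiary share is fixed before any external call, and the
    // guard makes a nested call revert instead of running the loop again.
    function withdrawInheritedFunds() external nonReentrant {
        if (!isInherited) revert NotYetInherited();
        uint256 share = address(this).balance / beneficiaries.length;
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            (bool ok, ) = beneficiaries[i].call{value: share}("");
            if (!ok) revert TransferFailed();
        }
    }
}

// Beneficiary contract that tries to re-enter from its receive() hook and
// records whether the nested call was rejected by the guard.
contract ReentryProbe {
    GuardedInheritance public immutable target;
    bool public reentryBlocked;
    bool public reentrySucceeded;

    constructor(GuardedInheritance _target) {
        target = _target;
    }

    receive() external payable {
        // Probe only once so a successful nested call cannot recurse forever.
        if (reentryBlocked || reentrySucceeded) return;
        try target.withdrawInheritedFunds() {
            reentrySucceeded = true; // would be the case without the guard
        } catch {
            reentryBlocked = true; // expected: nested call reverts with Reentrancy()
        }
    }
}
```

To exercise it in a Foundry or Hardhat test: deploy GuardedInheritance with 10 ether and beneficiaries [probe, honest EOA], call markInherited, then call withdrawInheritedFunds from any account. The outer call completes, the probe and the honest beneficiary each end up with 5 ether, and probe.reentryBlocked() is true because the nested call hit the guard. Removing the nonReentrant modifier lets the nested call into the loop, which is the condition this finding describes.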

Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong value in nonReentrant modifier
