Out-of-Bounds Array Access in onlyBeneficiaryWithIsInherited Modifier
Summary
There's a bug in the onlyBeneficiaryWithIsInherited modifier that can cause an out-of-bounds error when checking if the caller is a beneficiary. The issue comes from an incorrect loop condition, which allows the index to go beyond the length of the beneficiaries array. If this happens, the contract will revert, making functions that use this modifier completely unusable.
Vulnerability Details
Line 53
Notice the +1 in the condition. That means the loop will try to access beneficiaries[i] even when i is out of bounds, causing an immediate revert. As a result:
Beneficiaries won't be able to call certain functions (like buyOutEstateNFT() or appointTrustee()).
Inheritance functions may be completely broken, leaving funds stuck.
Impact
No beneficiary use functions protected by this modifier.
Inheritance assets may become inaccessible forever.
The contract could be unusable after deployment unless fixed.
Tools Used
Foundry
Manual code review
Recommendations
To fix the issue modify the onlyBeneficiaryWithIsInherited modifier to ensure safe array access:
This way, if msg.sender isn’t in the beneficiaries list, it fails gracefully with a proper error message instead of crashing the whole function.
Appeal created
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.