Submission Details
Severity: medium
Invalid

Invalid return message

Summary

The onlyBeneficiaryWithIsInherited modifier incorrectly allows iteration past the valid length of the beneficiaries array, causing a panic: out-of-bounds access (0x32) error when isInherited is false.

Vulnerability Details

The loop runs while i < beneficiaries.length + 1, meaning it iterates one step beyond the array bounds.

  • If msg.sender is a valid beneficiary but isInherited is false, the loop never breaks and continues until i = beneficiaries.length, leading to an out-of-bounds array access.

  • Expected behavior: The function should revert with a meaningful error message instead of running into a panic error.

Impact

  • Unexpected contract failures: Even if msg.sender is a valid beneficiary, they will experience an out-of-bounds panic error instead of a meaningful revert.

  • Harder debugging: Solidity’s built-in error panic: array out-of-bounds access (0x32) makes it unclear why the function is failing.

  • Denial of service: Any function using this modifier will be inaccessible to beneficiaries when isInherited is false, potentially blocking inheritance claims.

Tools Used

Manual review

Recommendations

✅ Fix the Loop Condition

Change the loop condition to i < beneficiaries.length instead of i < beneficiaries.length + 1:

```solidity
modifier onlyBeneficiaryWithIsInherited() {
    uint256 i = 0;
    while (i < beneficiaries.length) { // ✅ Correct boundary condition
        if (msg.sender == beneficiaries[i]) {
            require(isInherited, "Inheritance not activated");
            _;
            return;
        }
        i++;
    }
    revert("Caller is not a beneficiary");
}
```

🔹 Why This Fix Works

  • Prevents out-of-bounds access by ensuring i never exceeds beneficiaries.length - 1.

  • Uses require(isInherited, "Inheritance not activated") to revert with a meaningful error instead of silently iterating.

  • Ensures that only valid beneficiaries can proceed when isInherited is true.
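An added example, not part of the submission or of the audited contract: a constructed contract that places the loop shape the submission describes next to a bounded membership check with distinct custom errors. The contract name `BoundsDemo`, the unrestricted `setInherited` helper, the error names and the exact exit condition in `describedCheck` are assumptions reconstructed from the text above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed demo contract (assumption); not the audited code.
contract BoundsDemo {
    address[] public beneficiaries;
    bool public isInherited;

    error NotBeneficiary(address caller);
    error InheritanceNotActivated();

    constructor(address[] memory _beneficiaries) {
        beneficiaries = _beneficiaries;
    }

    // Demo-only toggle with no access control (assumption for local testing).
    function setInherited(bool value) external {
        isInherited = value;
    }

    // Loop shape as described in the submission (reconstructed, assumed):
    // the bound is length + 1 and the only exit is a match while isInherited is true.
    // With no exit, i reaches beneficiaries.length and the index read
    // beneficiaries[i] reverts with Panic(0x32) on Solidity >= 0.8.
    modifier describedCheck() {
        uint256 i = 0;
        while (i < beneficiaries.length + 1) {
            if (msg.sender == beneficiaries[i] && isInherited) break;
            i++;
        }
        _;
    }

    // Bounded form: never indexes past length - 1, and reports each failure
    // reason with its own custom error so callers and tests can tell them apart.
    modifier boundedCheck() {
        bool found = false;
        uint256 len = beneficiaries.length;
        for (uint256 i = 0; i < len; i++) {
            if (msg.sender == beneficiaries[i]) { found = true; break; }
        }
        if (!found) revert NotBeneficiary(msg.sender);
        if (!isInherited) revert InheritanceNotActivated();
        _;
    }

    function claimDescribed() external describedCheck returns (bool) { return true; }
    function claimBounded() external boundedCheck returns (bool) { return true; }
}
```

In a test harness, asserting on the revert selector (`Panic(uint256)` versus `NotBeneficiary` or `InheritanceNotActivated`) separates an access-control rejection from a bounds error.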

Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
