Duplicate Beneficiaries Can Be Added Without Validation
Summary
The addBeneficiery function allows the same address to be added multiple times as a beneficiary, which can lead to redundant entries and potential unexpected behavior when distributing inheritance funds.
Vulnerability Details
The function does not check if
_beneficiaryis already in thebeneficiariesarray, meaning duplicate entries are possible.If a beneficiary is added multiple times, they may be counted multiple times in iterative operations (e.g., fund distribution, inheritance claims).
This could lead to inefficient gas usage, unintended favoritism, or even reversion issues in loops that assume unique entries.
Problematic Code
** No verification step** ensures _beneficiary is unique.
Allows duplicate entries, potentially causing unexpected behavior.
Impact
Gas inefficiency: Duplicate addresses in the beneficiaries array lead to unnecessary iterations in loops.
Potential over-distribution: If funds are allocated based on the number of times an address appears, a single user could receive more than intended.
Possible function reverts: If other contract functions assume unique entries and iterate over
beneficiaries, an unexpected duplicate could break logic.
Tools Used
Manual Review
Recommendations
✅ Fix: Ensure Unique Beneficiaries
Modify the function to check for duplicates before adding a new beneficiary:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.