Submission Details
Severity: high
Invalid

Missing ETH Balance Check Leading to Potential Transaction Failure

Summary

The sendETH function lacks a check for the contract's ETH balance before attempting a transfer. This omission can lead to failed transactions if the contract does not hold enough ETH, potentially disrupting expected operations.

Vulnerability Details

The function is designed to send a specified amount of ETH (_amount) to a recipient (_to). However, unlike the sendERC20 function, which includes a balance check before transferring tokens, sendETH directly attempts the transfer without verifying if the contract has sufficient ETH.

    function sendETH(uint256 _amount, address _to) external nonReentrant onlyOwner {
        (bool success,) = _to.call{value: _amount}("");
        require(success, "Transfer Failed");
        _setDeadline();
    }

If _amount exceeds the contract’s available ETH balance, the transaction will fail, reverting all operations in the function call.

Impact

  1. Unexpected Transaction Reverts: Calls to sendETH will fail if _amount exceeds the contract's ETH balance, leading to disrupted contract functionality.

  2. Denial of Service (DoS): The owner may be unable to distribute ETH as intended, causing operational bottlenecks.

  3. Inconsistent Logic: The sendERC20 function includes a balance check, ensuring safe transfers, while sendETH does not, leading to inconsistent safety mechanisms in the contract.

Tools Used

  • Manual Review

Recommendations

  1. Add a Balance Check Before Transfer: Ensure the contract holds enough ETH before attempting a transfer.

    require(address(this).balance >= _amount, "Insufficient ETH balance");

  2. Implement Fallback Handling: If required, implement an alternative strategy such as partial transfers or logging failed attempts.

  3. Enhance Testing: Include unit tests that simulate scenarios where the contract has insufficient ETH balance to verify proper error handling.

By implementing these fixes, the contract will prevent unnecessary transaction failures and maintain consistency in its asset transfer logic.
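
A Foundry test for the insufficient-balance scenario named in recommendation 3, added here as an example and not taken from the audited project or the submission. `EthSenderHarness`, `sendETHChecked` and the test names are hypothetical; the harness keeps only the transfer logic with a simplified `onlyOwner`, and omits `nonReentrant` and `_setDeadline()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical minimal harness: only the transfer logic from the report is kept.
// The real contract's nonReentrant modifier and _setDeadline() are omitted.
contract EthSenderHarness {
    address public immutable owner = msg.sender;

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    // Transfer as shown in the report: no explicit balance check.
    function sendETH(uint256 _amount, address _to) external onlyOwner {
        (bool success,) = _to.call{value: _amount}("");
        require(success, "Transfer Failed");
    }

    // Same transfer with the recommended balance check added.
    function sendETHChecked(uint256 _amount, address _to) external onlyOwner {
        require(address(this).balance >= _amount, "Insufficient ETH balance");
        (bool success,) = _to.call{value: _amount}("");
        require(success, "Transfer Failed");
    }
}

contract InsufficientEthTest is Test {
    EthSenderHarness internal harness;
    address internal recipient = address(0xBEEF); // constructed test address

    function setUp() public {
        harness = new EthSenderHarness(); // this test contract becomes the owner
        vm.deal(address(harness), 1 ether); // fund the harness with 1 ETH
    }

    function test_UncheckedRevertsWhenUnderfunded() public {
        vm.expectRevert(bytes("Transfer Failed"));
        harness.sendETH(2 ether, recipient); // asks for more than the 1 ETH held
        assertEq(address(harness).balance, 1 ether); // revert left funds untouched
    }

    function test_CheckedRevertsWhenUnderfunded() public {
        vm.expectRevert(bytes("Insufficient ETH balance"));
        harness.sendETHChecked(2 ether, recipient);
        assertEq(address(harness).balance, 1 ether);
    }
}
```

Run with `forge test`; both cases revert and leave the balance unchanged, and the tests pin down which reason string each variant returns.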

Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
