[H-4] Missing receive() Function Prevents Direct ETH Transfers to Contract
Summary
The InheritanceManager contract lacks a receive() function, which prevents the owner from sending ETH directly to the contract. This limitation reduces usability.
Vulnerability Details
The contract is designed to handle ETH as part of its inheritance functionality, as evidenced by the sendETH and withdrawInheritedFunds functions that transfer ETH. However, it lacks a receive() or fallback() function that would allow it to accept direct ETH transfers:
Without a receive function:
Direct ETH transfers to the contract will revert
ETH cannot be sent to the contract via
.send()or.transfer()
This is particularly problematic for a wallet-like contract meant to store and manage assets as part of an inheritance system.
Impact
This vulnerability impacts usability and interoperability:
Owner or users attempting to send ETH directly to the contract address will have their transactions fail
The severity is high because it renders one of the main purposes of the contract inusable.
Tools Used
Manual code review
Recommended Mitigation
Implement a receive() function to allow the contract to accept direct ETH transfers:
Lead Judging Commences
Missing receive() or fallback() function
Missing receive() or fallback() function
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.