Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Improper Removal of Beneficiary Causing Funds to be Sent to Zero Address

Summary

The removeBeneficiary() function employs delete beneficiaries[index], which only zeroes out the address at that index but does not reduce the beneficiaries array’s length. Subsequently, withdrawInheritedFunds() relies on the full array length for distributing funds to beneficiaries.

Vulnerability Details

Because the array length is unchanged and still counts the "deleted" slot, the equal split is computed over too many recipients, and the share for that slot is sent to the zero address (address(0)) instead of to a beneficiary. Ether sent to the zero address cannot be recovered by anyone, so the loss is permanent.

In Solidity, delete beneficiaries[index] replaces the specified index with address(0) but leaves the array length intact. As a result, any looping distribution—for example:

uint256 amountPerBeneficiary = address(this).balance / beneficiaries.length;
for (uint256 i = 0; i < beneficiaries.length; i++) {
    (bool success,) = payable(beneficiaries[i]).call{value: amountPerBeneficiary}("");
    require(success, "Transfer failed");
}

will send one share to beneficiaries[i] even when beneficiaries[i] == address(0). The low-level call to address(0) returns success (there is no code at that address that could revert), so the require(success) check does not catch the problem. That share is effectively burned, and the legitimate beneficiaries collectively receive only (length minus the number of zeroed slots) / length of the balance.

Impact

Once funds are directed to the zero address, they are irretrievably lost, lowering the actual inheritance for valid beneficiaries. If the contract handles significant Ether or token amounts, these losses could be considerable.

Tools Used

Manual Analysis.

Recommendations

Remove a beneficiary by restructuring the array rather than zeroing the slot. A common, safe pattern is to check that index < beneficiaries.length, swap the last element into the removed slot, and then call .pop() to shorten the array. If the order of beneficiaries matters, shift the trailing elements down one position and pop instead. Either way, withdrawInheritedFunds() then divides by the true number of beneficiaries and no share can be sent to address(0). As defense in depth, withdrawInheritedFunds() can also revert on any address(0) entry it encounters.
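The following is an added illustration, not the audited contract's code: a minimal vault that carries both the delete-based removal described in the Vulnerability Details and the swap-and-pop fix recommended above, together with a Foundry test showing that the former burns one equal share while the latter distributes the full balance. The contract name BeneficiaryVault, the function names removeBeneficiaryUnsafe and beneficiaryCount, the custom errors, the owner check, and a Foundry project layout with forge-std installed (the "forge-std/Test.sol" import) are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol"; // assumes a Foundry project with forge-std

/// Added illustration, not the audited contract. Names, access control and
/// the custom errors are assumptions; only the removal and distribution
/// logic mirrors the finding.
contract BeneficiaryVault {
    address public immutable owner;
    address[] public beneficiaries;

    error NotOwner();
    error IndexOutOfBounds(uint256 index, uint256 length);
    error NoBeneficiaries();
    error TransferFailed(address to);

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }

    constructor() { owner = msg.sender; }

    receive() external payable {}

    function addBeneficiary(address beneficiary) external onlyOwner {
        require(beneficiary != address(0), "zero beneficiary");
        beneficiaries.push(beneficiary);
    }

    /// VULNERABLE (the pattern the finding describes): the slot becomes
    /// address(0) but beneficiaries.length does not shrink.
    function removeBeneficiaryUnsafe(uint256 index) external onlyOwner {
        delete beneficiaries[index];
    }

    /// FIXED: bounds check, move the last element into the hole, then pop.
    /// Order is not preserved; if it must be, shift the tail down and pop.
    function removeBeneficiary(uint256 index) external onlyOwner {
        uint256 len = beneficiaries.length;
        if (index >= len) revert IndexOutOfBounds(index, len);
        uint256 last = len - 1;
        if (index != last) beneficiaries[index] = beneficiaries[last];
        beneficiaries.pop();
    }

    function beneficiaryCount() external view returns (uint256) {
        return beneficiaries.length;
    }

    /// Equal split over the array, as in the finding. A value-carrying call to
    /// address(0) succeeds (no code there to revert), so the success check does
    /// not catch a zeroed slot: that share is simply burned.
    function withdrawInheritedFunds() external {
        uint256 len = beneficiaries.length;
        if (len == 0) revert NoBeneficiaries();
        uint256 amountPerBeneficiary = address(this).balance / len;
        for (uint256 i = 0; i < len; i++) {
            address to = beneficiaries[i];
            (bool success,) = payable(to).call{value: amountPerBeneficiary}("");
            if (!success) revert TransferFailed(to);
        }
    }
}

/// Foundry test (run with `forge test`): three beneficiaries, 3 ether in the vault.
/// The test contract deploys the vault, so it is the owner.
contract BeneficiaryVaultTest is Test {
    BeneficiaryVault internal vault;
    address internal alice = makeAddr("alice");
    address internal bob = makeAddr("bob");
    address internal carol = makeAddr("carol");

    function setUp() public {
        vault = new BeneficiaryVault();
        vault.addBeneficiary(alice);
        vault.addBeneficiary(bob);
        vault.addBeneficiary(carol);
        vm.deal(address(vault), 3 ether);
    }

    function test_DeleteBurnsOneShare() public {
        uint256 zeroBefore = address(0).balance;
        vault.removeBeneficiaryUnsafe(1);                   // bob's slot is now address(0)
        assertEq(vault.beneficiaryCount(), 3);              // length unchanged
        vault.withdrawInheritedFunds();                     // does not revert
        assertEq(alice.balance, 1 ether);
        assertEq(carol.balance, 1 ether);
        assertEq(address(0).balance - zeroBefore, 1 ether); // one third burned
    }

    function test_SwapAndPopDistributesEverything() public {
        vault.removeBeneficiary(1);                         // carol moves into index 1
        assertEq(vault.beneficiaryCount(), 2);
        vault.withdrawInheritedFunds();
        assertEq(alice.balance, 1.5 ether);
        assertEq(carol.balance, 1.5 ether);
        assertEq(address(vault).balance, 0);
    }
}
```

The first test is the finding reproduced: removal "succeeds", the distribution does not revert, and one third of the balance ends up at address(0). The second test is the same scenario after the fix; note that swap-and-pop moves carol into bob's old index, which is only acceptable if nothing else in the contract depends on positional order.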

Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect removal from beneficiary list causes funds to be sent to 0 address