Submission Details
Severity: high
Valid

Reentrancy Vulnerability in sendETH() Function

Description

The sendETH(uint256 _amount, address _to) function in InheritanceManager.sol is vulnerable to a reentrancy attack. The function executes an external call to _to.call{value: _amount}(); before updating critical state variables, allowing an attacker to recursively call sendETH() and drain contract funds.

Summary

The sendETH() function in InheritanceManager.sol is vulnerable to a reentrancy attack because it executes an external call before updating critical state variables. This allows an attacker to recursively call the function and drain contract funds.

Key Details:

  • Severity: High

  • Impact: Attackers can exploit the flaw to withdraw funds repeatedly before the state is updated.

  • Proof of Concept: Demonstrated using a malicious contract that exploits the vulnerability.

  • Tools Used: Slither (static analysis) and Foundry/Hardhat (testing).

Vulnerability Details

The sendETH() function in InheritanceManager.sol is vulnerable to a reentrancy attack. It performs an external call to _to.call{value: _amount}(); before updating critical state variables. This allows an attacker to recursively call sendETH() and drain contract funds before the state update occurs.

Impact

  • Financial Loss: Attackers can exploit the vulnerability to withdraw more funds than intended, depleting the contract’s balance.

  • Security Risk: Unprotected ETH transfers before state updates leave the contract open to repeated exploitation.

Tools Used

  • Slither: Used for static analysis to detect vulnerabilities.

  • Foundry: Used for testing the Proof of Concept (PoC) exploit.

Recommendations

  • Use OpenZeppelin’s ReentrancyGuard:

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract InheritanceManager is ReentrancyGuard {
    // ... existing contract body ...
}

  • Apply nonReentrant Modifier to sendETH()

  • Update State Before External Calls: Move state updates before executing external transactions to prevent reentrancy.
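The three recommendations combined in one function, as an added sketch that is not code from InheritanceManager.sol or from the submission. The contract name GuardedSender, the owner and lastActivity state variables, the custom errors and the event are assumptions standing in for the audited contract's real state; only the sendETH(uint256 _amount, address _to) signature and the import path come from the text above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Import path as given in the recommendation above (OpenZeppelin Contracts 4.x layout).
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical stand-in for InheritanceManager: only sendETH() is sketched.
// `owner` and `lastActivity` are assumed state, not taken from the audited contract.
contract GuardedSender is ReentrancyGuard {
    address public immutable owner;
    uint256 public lastActivity; // assumed "critical state" that sendETH() must update

    error NotOwner();
    error ZeroAddress();
    error InsufficientBalance(uint256 requested, uint256 available);
    error TransferFailed();

    event EthSent(address indexed to, uint256 amount);

    constructor() payable {
        owner = msg.sender;
        lastActivity = block.timestamp;
    }

    receive() external payable {}

    // nonReentrant makes any nested call into a guarded function revert.
    function sendETH(uint256 _amount, address _to) external nonReentrant {
        // Checks: validate caller and arguments before touching state.
        if (msg.sender != owner) revert NotOwner();
        if (_to == address(0)) revert ZeroAddress();
        uint256 available = address(this).balance;
        if (_amount > available) revert InsufficientBalance(_amount, available);

        // Effects: state is final before control leaves the contract.
        lastActivity = block.timestamp;
        emit EthSent(_to, _amount);

        // Interactions: the external call comes last; a failure reverts the effects above.
        (bool ok, ) = _to.call{value: _amount}("");
        if (!ok) revert TransferFailed();
    }
}
```

The guard and the ordering are independent defenses: the ordering keeps state consistent even if a future function is left unguarded, and the guard covers paths where reordering is not possible.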

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong value in nonReentrant modifier
