Severity: high
Valid

In the `inherit` function of `InheritableManager.sol`, anyone can front-run the real owner to claim ownership of the contract

Summary

The `inherit` function can be called by anyone once its conditions are met, and the caller becomes the new owner. The problem is that Ethereum's mempool is public, so the legitimate transaction calling this function is visible to everyone before it is mined. Any unrelated party can therefore front-run that transaction and claim ownership for themselves.

Vulnerability Details

The issue occurs here:

    // Vulnerable as found: no check on who msg.sender is.
    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 1) {
            // Ownership goes to whoever calls first, not to the registered beneficiary.
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }

Impact

The owner of the contract loses ownership, and with it, any funds associated with the contract.

Tools Used

Manual review, foundry test suite

Recommendations

Use a whitelist so that only approved addresses (such as the registered beneficiaries) can call `inherit`, instead of granting ownership to whichever `msg.sender` arrives first.
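The shape of that fix, as an added illustration that is not code from the audited `InheritableManager.sol`: a reduced contract where `inherit` is gated by an `onlyBeneficiary` check, so a front-runner who is not on the list simply reverts. The storage layout, the `TIMELOCK` value and the `onlyBeneficiary` modifier are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical reduced contract for illustration; not the audited InheritableManager.sol.
contract InheritableManagerFixed {
    error InactivityPeriodNotLongEnough();
    error InvalidBeneficiaries();
    error NotBeneficiary();

    uint256 public constant TIMELOCK = 90 days; // assumed inactivity period

    address public owner;
    address[] public beneficiaries;
    bool public isInherited;
    uint256 private deadline;

    constructor(address[] memory _beneficiaries) {
        owner = msg.sender;
        beneficiaries = _beneficiaries;
        _setDeadline();
    }

    // Assumed gate: only a registered beneficiary may trigger inheritance.
    modifier onlyBeneficiary() {
        bool found = false;
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == msg.sender) {
                found = true;
                break;
            }
        }
        if (!found) revert NotBeneficiary();
        _;
    }

    function inherit() external onlyBeneficiary {
        if (block.timestamp < deadline) revert InactivityPeriodNotLongEnough();
        if (beneficiaries.length == 1) {
            // Same logic as before, but msg.sender is now a whitelisted beneficiary.
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }

    function _setDeadline() internal {
        deadline = block.timestamp + TIMELOCK;
    }
}
```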

Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Inherit depends on msg.sender so anyone can claim the contract
