Lack of beneficiary validation upon ownership change allows anyone to become the wallet owner once the deadline has passed and there is only one beneficiary.
The InheritanceManager::inherit function contains logic to transfer ownership of the contract to msg.sender if the inactivity deadline has passed, with the intent that the single beneficiary inherits the contract. However, it does so without verifying that the caller is the legitimate sole beneficiary, allowing anyone to take ownership.
The vulnerability allows for a malicious actor to claim ownership of the contract and steal all available assets.
Owner adds funds to the inheritance manager
Adds Bob as the sole beneficiary
Owner is inactive for 90+ days
Alice claims ownership as the deadline has passed and steals all funds
Add the above test to InheritanceManagerTest.t.sol and run with forge test --mt test_anyoneCanClaimOwnership
Foundry
Verify that the caller is the actual beneficiary:
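One way to apply this check, as an added example that is not code from the audited project: a simplified stand-in contract with the caller check in place, plus a Foundry regression test for it. Only inherit and the 90-day inactivity period come from the write-up; the contract name, storage layout, error names and test name are assumptions, and the multi-beneficiary path is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;
import {Test} from "forge-std/Test.sol";

// Added example: simplified stand-in, not the audited contract. Only inherit()
// and the 90-day inactivity period come from the write-up; other names are assumed.
contract InheritanceSketch {
    error InactivityPeriodNotLongEnough();
    error NotBeneficiary();

    address public owner = msg.sender;
    address[] public beneficiaries;
    uint256 public deadline = block.timestamp + 90 days;

    function addBeneficiary(address beneficiary) external {
        require(msg.sender == owner, "not owner");
        beneficiaries.push(beneficiary);
        deadline = block.timestamp + 90 days; // owner activity resets the timer
    }

    function inherit() external {
        if (block.timestamp < deadline) revert InactivityPeriodNotLongEnough();
        if (beneficiaries.length == 1) {
            // The missing check: only the registered sole beneficiary takes over.
            if (msg.sender != beneficiaries[0]) revert NotBeneficiary();
            owner = msg.sender;
            deadline = block.timestamp + 90 days;
        }
    }
}

contract InheritanceSketchTest is Test {
    function test_onlySoleBeneficiaryCanInherit() public {
        address bob = makeAddr("bob");
        address alice = makeAddr("alice");
        InheritanceSketch im = new InheritanceSketch(); // this test contract is the owner
        im.addBeneficiary(bob);
        vm.warp(block.timestamp + 90 days + 1);

        vm.prank(alice);
        vm.expectRevert(InheritanceSketch.NotBeneficiary.selector);
        im.inherit();
        assertEq(im.owner(), address(this)); // ownership unchanged for a non-beneficiary

        vm.prank(bob);
        im.inherit();
        assertEq(im.owner(), bob); // the sole beneficiary inherits as intended
    }
}
```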