Submission Details
Severity:
Violation Of Protocol Invariant "EVERY transaction the owner does with this contract must reset the 90 days timer" In Multple FUnctions
Summary
The protocol invariant "EVERY transaction the owner does with this contract must reset the 90 days timer" is violated in multiple onlyOwner functions that do not update the deadline.
Vulnerability Details
There are multiple onlyOwner functions that do not update the deadline by not calling the InheritanceManager::_setDeadline() function.
function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
}
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
}
function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
}
Impact
Protocol invariant violation
Tools Used
Manual review
Recommendations
Ensure you update the
InheritanceManager::deadlineby calling theInheritanceManager::_setDeadline()every time anonlyOwnerfunction is called.
Updates
Lead Judging Commences
0xtimefliez 5 months ago
Submission Judgement Published Assigned finding tags:
functions do not reset the deadline
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.