Inheritable Smart Contract Wallet

Summary

If the owner of the InheritanceManager.sol contract has not had any transaction activity past the deadline and only has 1 beneficiary listed, a malicious user can take ownership of the contract.

Vulnerability Details

Since the inherit() function allows for ANY msg.sender to call it and become the owner of the contract if the inactivity period has passed and there is only 1 beneficiary, this allows for a malicious user to take control of the contract and utilize the sendERC20() and sendETH() functions to be able to drain the ineritance.

The malicious user is also able to add and remove beneficiaries, which could include removing all other beneficiaries and adding themselves as sole beneficiary. This would also allow for the user to buy out any Estate NFT using the buyOutEstateNFT. If the contract were to be expanded to a point of not requiring off-chain lawers to be involved with ownership/valuation this would allow the malicious user to take full control of them as well.

Impact

This can result in total loss of funds from the inheritance as the malicious user who is now in control of the contract would be able to send themselves all of the funds contained within the contract using the sendERC20() and sendETH() functions.

It can also lead to the transfer of ownership of Estate NFTs.

Tools Used

Manual review and Foundry

Recommendations

Within the inherit() function, do not allow owner to be changed to msg.sender. Instead, allow for the owner to have a secondary whitelisted wallet address they can upload at deployment of the contract that is allowed to have contract ownership transferred to it once the inactivity deadline passes.