Submission Details
Severity:
Access control issue : inherit() has no Access controls meaning anyone can Access and change the state even Ownership
Summary :
function inherit() external {
if (block.timestamp < getDeadline()) {
revert InactivityPeriodNotLongEnough();
}
if (beneficiaries.length == 1) {
owner = msg.sender;
_setDeadline();
} else if (beneficiaries.length > 1) {
isInherited = true;
} else {
revert InvalidBeneficiaries();
}
}
The inherit() function in the smart contract is vulnerable to unauthorized access, allowing anyone to potentially claim ownership or modify critical contract variables (like owner or isInherited). The function lacks proper access control, making it a potential target for attackers. If the owner loses their private keys, they are also unable to recover the contract or reclaim control securely
Vulnerability Details : The inherit() function does not implement any mechanism to restrict access to the contract owner or trusted parties. Any address can call this function as long as the conditions (like the deadline) are met, which could allow attackers or unauthorized users to modify the ownership and contract state
Impact :
1)Loss of Contract Control: Attacker can take Ownership or alter inheritance behavior.
2)Critical State Modifications: Unauthorized users can trigger changes in contract execution
3)Owner Key Loss : No secure recovery method exists for the original owner
Tools Used :
1)Solidity
2)Vs code
3)Manual code review
Recommendations : Use an onlyOwner modifier to restrict the inherit() function to the contract owner or trusted addresses. This would ensure that only the rightful owner can call the function to modify ownership or important contract states
function inherit() external onlyOwner
Updates
Lead Judging Commences
0xtimefliez 4 months ago
Submission Judgement Published Assigned finding tags:
Inherit depends on msg.sender so anyone can claim the contract
0xtimefliez 4 months ago
Submission Judgement Published Assigned finding tags:
Inherit depends on msg.sender so anyone can claim the contract
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.