Submission Details
Severity: low
Invalid

Timelock period can be bypassed by miners or validators who can manipulate the block.timestamp

Summary

The InheritanceManager::inherit() function checks that the timelock period has passed based on the block.timestamp.
This is insecure because block.timestamp can be manipulated by miners or validators.

Vulnerability Details

function test_attackerManipulateTime() public {
    // owner adds two beneficiaries
    address beneficiaryOne = makeAddr("beneficiaryOne");
    address beneficiaryTwo = makeAddr("beneficiaryTwo");
    vm.startPrank(owner);
    im.addBeneficiery(beneficiaryOne);
    im.addBeneficiery(beneficiaryTwo);
    vm.stopPrank();
    // beneficiaries collude with validator to manipulate block.timestamp into the future
    vm.warp(1 + 90 days);
    // after timelock period, inherit is triggered
    address attacker = makeAddr("attacker");
    vm.startPrank(attacker);
    im.inherit();
    vm.stopPrank();
    assertEq(im.getIsInherited(), true);
}

Impact

Beneficiaries can collude with a miner or validator to manipulate block.timestamp in a transaction used to trigger the inherit process before 90 days has passed.

Tools Used

Manual review

Recommendations

Use other sources of information to determine the amount of time passed, such as block.number or a time oracle that cannot be easily manipulated.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
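
For context on the timestamp question raised in this finding, the following added example (not part of the submission or of the audited project) models how much a block producer can move block.timestamp against a 90-day timelock. It assumes Ethereum mainnet rules: the post-Merge slot-derived timestamp and go-ethereum's pre-Merge 15-second limit on future-dated blocks. The function names, the genesis time and the sample values are constructed, and timelock_open is a hypothetical stand-in for the check the finding attributes to inherit().

```python
# Added example: bounds on block.timestamp versus a 90-day timelock.
# All sample values are constructed; function names are hypothetical.

SECONDS_PER_SLOT = 12           # Ethereum proof-of-stake slot length
POW_FUTURE_TOLERANCE = 15       # go-ethereum pre-Merge limit on future-dated blocks
TIMELOCK = 90 * 24 * 60 * 60    # 90 days in seconds, as in the finding


def timelock_open(block_ts, last_activity):
    """Hypothetical model of a timestamp-based timelock check."""
    return block_ts >= last_activity + TIMELOCK


def pos_timestamp_valid(block_ts, genesis_time, slot):
    """Post-Merge: the timestamp is fixed by the slot; the proposer cannot choose it."""
    return block_ts == genesis_time + slot * SECONDS_PER_SLOT


def pow_timestamp_valid(block_ts, parent_ts, wall_clock):
    """Pre-Merge: after the parent and at most 15 s ahead of the validating node's clock."""
    return parent_ts < block_ts <= wall_clock + POW_FUTURE_TOLERANCE


def earliest_unlock_pos(last_activity, genesis_time):
    """Real time of the first slot whose timestamp satisfies the timelock."""
    deadline = last_activity + TIMELOCK
    slot = -(-(deadline - genesis_time) // SECONDS_PER_SLOT)  # ceiling division
    return genesis_time + slot * SECONDS_PER_SLOT


def earliest_unlock_pow(last_activity):
    """Earliest real time a pre-Merge miner could publish an unlocking block."""
    return last_activity + TIMELOCK - POW_FUTURE_TOLERANCE


if __name__ == "__main__":
    last_activity, genesis = 1000, 0            # constructed values
    deadline = last_activity + TIMELOCK
    print("deadline:", deadline)
    print("PoS earliest unlock:", earliest_unlock_pos(last_activity, genesis))
    print("PoW earliest unlock:", earliest_unlock_pow(last_activity))
    # A block stamped at the deadline only one day after last activity is rejected.
    print(pow_timestamp_valid(deadline, last_activity, last_activity + 86400))
```

Under these assumptions the most a producer gains is 15 seconds out of 7,776,000, and nothing after the Merge; vm.warp in a Foundry test sets the timestamp directly and is not subject to either rule.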
