removeBeneficiary() is not considered an owner interaction, so the inheritance deadline doesn't update when this function is called
Summary
When the function removeBeneficiary() is called by the owner of the inheritance manager contract the inheritance deadline doesn't update to the new time(block.timestamp+timeLock). The deadline should update for every transaction the owner does with this contract by design of the inheritance manager contract.
Vulnerability Details
When owner calls removeBeneficiary() deadline is not updated, because _setDeadline() is not called.
This can lead to unwanted behaviour of the inheritance manager contract, to false expectations regarding the actual time deadline. Beneficiries can call inherit() earlier than expected.
Impact
Beneficiries can redeem funds at an earlier time than expected, resulting in inconsistent contract behaviour.
Tools Used
Manual review
Recommendations
Include a call to the _setDeadline() function to update the inheritance deadline when removeBeneficiary() is called.
```
function removeBeneficiary(address _beneficiary) external onlyOwner
Same as above for createEstateNFT() and contractInteractions() which are also called by the owner and do not update the deadline when called.
Side note:
I am uploading from my mobile, because I am away from my laptop for a couple of weeks, hope the markdown works well.
Lead Judging Commences
functions do not reset the deadline
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.