Submission Details
Severity: medium
Valid

Some owner interactions do not reset the timer

Summary

One of the core assumptions is that "EVERY transaction the owner does with this contract must reset the 90 days timer". However, some owner functions are missing the call to the function that resets the timer.

Vulnerability Details

The functions InheritanceManager::createEstateNFT, InheritanceManager::contractInteractions, and InheritanceManager::removeBeneficiary do not call InheritanceManager::_setDeadline on their last lines. As a result, a beneficiary can change the contract state even if 90 days of inactivity have not passed.
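
A Foundry test that makes the omission visible, added here as an example; it is not code from the submission or from the audited project. `TimerDemo`, its `resetInModifier` switch and all of its function names are hypothetical stand-ins, since the InheritanceManager source is not on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the pattern above; not the InheritanceManager source.
contract TimerDemo {
    uint256 public constant TIMELOCK = 90 days;
    address public immutable owner = msg.sender;
    bool public immutable resetInModifier; // false = per-function resets, true = reset in modifier
    uint256 public deadline = block.timestamp + TIMELOCK;
    address[] public beneficiaries;
    error NotOwner(address caller);

    constructor(bool _resetInModifier) { resetInModifier = _resetInModifier; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
        if (resetInModifier) deadline = block.timestamp + TIMELOCK;
    }

    function addBeneficiary(address b) external onlyOwner {
        beneficiaries.push(b);
        deadline = block.timestamp + TIMELOCK; // explicit per-function reset
    }

    // Owner action with no explicit reset: the omission reported above.
    function removeLastBeneficiary() external onlyOwner {
        beneficiaries.pop();
    }
}

contract TimerDemoTest is Test {
    // Deploys a variant, lets 30 days pass, then performs the owner action lacking a reset.
    function _deadlineAfterRemove(bool fixedVariant) internal returns (uint256) {
        TimerDemo demo = new TimerDemo(fixedVariant); // this test contract is the owner
        demo.addBeneficiary(address(0xB0B));
        vm.warp(block.timestamp + 30 days);
        demo.removeLastBeneficiary();
        return demo.deadline();
    }

    function test_missingResetLeavesStaleDeadline() public {
        uint256 deployedAt = block.timestamp;
        // Owner was active on day 30, yet the deadline is still day 90.
        assertEq(_deadlineAfterRemove(false), deployedAt + 90 days);
    }

    function test_modifierResetCoversEveryOwnerCall() public {
        uint256 deployedAt = block.timestamp;
        assertEq(_deadlineAfterRemove(true), deployedAt + 30 days + 90 days);
    }
}
```

Run with `forge test`; both tests pass, the first documenting the stale deadline and the second showing the modifier-based reset closing the gap.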

Impact

  • The contract can enter inherited mode even if the owner has been active within the last 90 days.

  • This unintended state change can occur unexpectedly and without the owner's knowledge.

Tools Used

  • Foundry

Recommendations

Move the call to InheritanceManager::_setDeadline inside the onlyOwner modifier and remove it from individual functions that currently call it. The onlyOwner modifier should still be used in these functions.

This approach ensures that every owner transaction automatically resets the timer in a more efficient and gas-optimized manner.

modifier onlyOwner() {
if (msg.sender != owner) {
revert NotOwner(msg.sender);
}
_;
+ _setDeadline();
}
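
Review bot: `_setDeadline()` is placed after `_;`, so the reset runs only once the function body has finished; for any owner function whose body makes an external call, the timer update then happens after that call. Consider moving the call before `_;` so the state change precedes the body, or add a comment on the modifier stating that the post-body ordering is intentional.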

Example of _setDeadline() removal in other functions:

// _setDeadline called by the onlyOwner modifier after the push is executed
function addBeneficiery(address _beneficiary) external onlyOwner {
beneficiaries.push(_beneficiary);
- _setDeadline();
}
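
Review bot: with the explicit call removed, the reset in `addBeneficiery` depends entirely on `onlyOwner` staying attached to the function and on the modifier keeping its `_setDeadline()` line; add a test asserting that the deadline moves after this call so a later change to either does not silently drop the reset. Separately, the function name is spelled `addBeneficiery` while the parameter is `_beneficiary`; worth aligning if the interface can still change.
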
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline
