Submission Details
Severity: medium
Valid

[M-1] Inconsistent Timer Reset in Critical Functions

Summary

Several onlyOwner functions in the InheritanceManager contract (contractInteractions(), createEstateNFT() and removeBeneficiary()) do not reset the inactivity timer by calling _setDeadline(). An owner who interacts with the contract only through these functions therefore appears inactive, and inheritance can be triggered prematurely even though the owner is still using the contract.

Vulnerability Details

Several onlyOwner functions in the contract don't call _setDeadline() to reset the inheritance timer:

```solidity
function contractInteractions(
    address _target,
    bytes calldata _payload,
    uint256 _value,
    bool _storeTarget
) external nonReentrant onlyOwner {
    (bool success, bytes memory data) = _target.call{value: _value}(
        _payload
    );
    require(success, "interaction failed");
    if (_storeTarget) {
        interactions[_target] = data;
    }
    // No call to _setDeadline()
}

function createEstateNFT(
    string memory _description,
    uint256 _value,
    address _asset
) external onlyOwner {
    uint256 nftID = nft.createEstate(_description);
    nftValue[nftID] = _value;
    assetToPay = _asset;
    // No call to _setDeadline()
}

function removeBeneficiary(address _beneficiary) external onlyOwner {
    uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
    delete beneficiaries[indexToRemove];
    // No call to _setDeadline()
}
```

The contract's security model relies on the owner regularly resetting the inheritance timer through activity. Other owner functions such as sendERC20(), sendETH() and addBeneficiery() do call _setDeadline(), so whether an owner action counts as activity depends on which function happened to be used rather than on the owner actually having transacted.
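The scenario above as a Foundry proof-of-concept. This test is an added example, not part of the original submission or the project's test suite. It assumes, beyond what the finding quotes: a no-argument constructor that makes msg.sender the owner, a public getDeadline() view returning the current deadline, an inherit() function a beneficiary can call once block.timestamp reaches the deadline, and a 90-day timelock. Adjust those names if the audited codebase differs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {InheritanceManager} from "../src/InheritanceManager.sol";

/// Added proof-of-concept (not part of the original submission).
/// Assumed about the contract, beyond what the finding quotes:
///  - the constructor takes no arguments and sets msg.sender as owner
///  - getDeadline() is a public view returning the current deadline
///  - inherit() hands control to the caller once block.timestamp >= deadline
///  - the inactivity timelock is 90 days
contract DeadlineNotResetPoC is Test {
    uint256 constant TIMELOCK = 90 days; // assumed value

    InheritanceManager manager;
    address owner = makeAddr("owner");
    address heir = makeAddr("heir");
    address target = makeAddr("target"); // plain EOA: a zero-value call to it succeeds

    function setUp() public {
        vm.prank(owner);
        manager = new InheritanceManager();
        // addBeneficiery() is one of the functions the finding says DOES reset the timer
        vm.prank(owner);
        manager.addBeneficiery(heir);
    }

    function test_contractInteractionsLeavesDeadlineStale() public {
        uint256 deadlineBefore = manager.getDeadline();

        // Day 80: the owner is active, but only through the affected function
        vm.warp(block.timestamp + 80 days);
        vm.prank(owner);
        manager.contractInteractions(target, "", 0, false);

        // The deadline did not move even though the owner just transacted
        assertEq(manager.getDeadline(), deadlineBefore);

        // Day 91: the stale deadline has lapsed, 11 days after owner activity
        vm.warp(block.timestamp + 11 days);
        assertGe(block.timestamp, deadlineBefore);
        vm.prank(heir);
        manager.inherit(); // succeeds: premature inheritance
    }

    function test_addBeneficieryDoesResetDeadline() public {
        uint256 deadlineBefore = manager.getDeadline();
        vm.warp(block.timestamp + 80 days);
        vm.prank(owner);
        manager.addBeneficiery(makeAddr("heir2"));

        // A function that calls _setDeadline() pushes the deadline a full timelock forward
        assertEq(manager.getDeadline(), block.timestamp + TIMELOCK);
        assertGt(manager.getDeadline(), deadlineBefore);
    }
}
```

Drop the file into the repository's test/ directory and run `forge test --match-contract DeadlineNotResetPoC`. The first test fails once the recommended fix is applied (inherit() reverts because the deadline was pushed forward by contractInteractions()), which makes it a usable regression test for the fix.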

Impact

This vulnerability could lead to:

  1. Premature inheritance if the owner interacts with the contract only through the affected functions, since that activity never extends the deadline

  2. Unexpected loss of control over the contract and its assets while the owner is still active

  3. Confusion for the owner about which actions reset the timer, since nothing in the interface distinguishes the two kinds of function

  4. A beneficiary who notices the owner's usage pattern can simply wait for the stale deadline to lapse and claim the inheritance

The severity is medium: the outcome is premature inheritance, but it requires a specific owner usage pattern and does not directly expose funds to immediate theft.

Tools Used

Manual code review

Recommendations

Ensure the timer is reset consistently across all owner-only functions by adding _setDeadline() at the end of each affected function. Alternatively, fold the reset into a modifier that is applied alongside onlyOwner, so that any owner function added later cannot omit it:

```solidity
function contractInteractions(
    address _target,
    bytes calldata _payload,
    uint256 _value,
    bool _storeTarget
) external nonReentrant onlyOwner {
    (bool success, bytes memory data) = _target.call{value: _value}(
        _payload
    );
    require(success, "interaction failed");
    if (_storeTarget) {
        interactions[_target] = data;
    }
    _setDeadline(); // Reset the timer
}

function createEstateNFT(
    string memory _description,
    uint256 _value,
    address _asset
) external onlyOwner {
    uint256 nftID = nft.createEstate(_description);
    nftValue[nftID] = _value;
    assetToPay = _asset;
    _setDeadline(); // Reset the timer
}

function removeBeneficiary(address _beneficiary) external onlyOwner {
    uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
    delete beneficiaries[indexToRemove];
    _setDeadline(); // Reset the timer
}
```

Note that this approach only registers successful transactions. If a call reverts for any reason, every state change in it is rolled back, including the deadline update, so a failed attempt does not count as owner activity even though it was one. This is inherent to how the EVM handles reverts rather than something the contract can change; the owner should be aware that only successful owner transactions keep the clock running, which matters for a function like contractInteractions() whose outcome depends on an external call.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline
