The deadline variable in the InheritanceManager contract is never initialized in the constructor. This critical oversight could allow immediate inheritance if _setDeadline() isn't called elsewhere, completely bypassing the intended time-lock protection mechanism.
The constructor of the InheritanceManager contract does not initialize the deadline variable:
The deadline is meant to be a critical time-lock mechanism that prevents inheritance until a certain time has passed. However, without initialization:
The deadline variable defaults to 0
Since block.timestamp is always greater than 0, the condition block.timestamp < getDeadline() in the inherit() function will be false
This allows immediate inheritance without waiting for any time period
This vulnerability could lead to:
Immediate inheritance without any waiting period
Complete bypass of the time-lock protection mechanism
Potential theft of assets
Fundamental failure of the contract's core security model
The severity is high because it completely breaks the time-lock protection that is central to the contract's security model, potentially allowing immediate unauthorized access to all assets.
Manual code review
Initialize the deadline variable in the constructor:
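A before/after illustration of this recommendation, added here and not taken from the audited InheritanceManager source. The names deadline, _setDeadline(), getDeadline() and inherit() follow the finding; TIMELOCK and its value, the TimelockNotElapsed error, the inherited flag and all contract names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract.
// TIMELOCK, TimelockNotElapsed, inherited and all contract names are assumptions.
abstract contract DeadlineBase {
    uint256 internal constant TIMELOCK = 90 days; // assumed waiting period
    uint256 internal deadline;                    // storage default is 0
    bool public inherited;

    error TimelockNotElapsed(uint256 nowTs, uint256 deadlineTs);

    function _setDeadline() internal {
        deadline = block.timestamp + TIMELOCK;
    }

    function getDeadline() public view returns (uint256) {
        return deadline;
    }

    // Guard in the shape the finding describes.
    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert TimelockNotElapsed(block.timestamp, getDeadline());
        }
        inherited = true;
    }
}

// Before: nothing sets deadline at deployment, so it stays 0 and the
// comparison in inherit() can never hold.
contract UninitializedDeadline is DeadlineBase {}

// After: the time lock starts counting at deployment.
contract InitializedDeadline is DeadlineBase {
    constructor() {
        _setDeadline();
    }
}

// Deploys both variants and reports whether inherit() goes through
// in the same transaction as deployment.
contract Demo {
    function run() external returns (bool beforeOpen, bool afterOpen) {
        DeadlineBase a = new UninitializedDeadline();
        DeadlineBase b = new InitializedDeadline();
        try a.inherit() { beforeOpen = true; } catch {}
        try b.inherit() { afterOpen = true; } catch {}
    }
}
```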