Submission Details
Severity: medium
Invalid

Unauthorized Assignment of `assetToPay` in `createEstateNFT`

Details:
In the InheritanceManager contract, the createEstateNFT function directly assigns the value of assetToPay using the input parameter _asset. This assignment bypasses the intended access control provided by the onlyTrustee modifier in the Trustee contract, which is supposed to govern changes to assetToPay. As a result, the owner can arbitrarily set the asset used for buyout operations without the oversight of a trustee.


Root Cause:
The core issue is an access control oversight. The assignment

assetToPay = _asset;

in createEstateNFT does not enforce the onlyTrustee modifier (or any similar control), thereby allowing the owner to update assetToPay regardless of whether they should have the authority to do so.


Impact:
A malicious or self-interested owner can set assetToPay to an asset that is unfavorable or even non-valuable for beneficiaries. This manipulation could lead to a scenario where, during an inheritance event, beneficiaries are forced to use an asset that does not reflect a fair or intended valuation, potentially resulting in financial harm or disputes over the inheritance process.


Recommendation:
To address the vulnerability, restrict the modification of assetToPay to only the trustee. This can be achieved by:

  • Removing the direct assignment from createEstateNFT and enforcing that any update to assetToPay goes through the setAssetToPay function in the Trustee contract.

  • Alternatively, incorporate a check in createEstateNFT to ensure that only an authorized entity (e.g., the trustee) can update assetToPay.


Proof of Concept (PoC):

  1. Deployment:

    • Deploy the InheritanceManager contract.

  2. Exploitation:

    • As the owner, call the createEstateNFT function with a custom (potentially malicious) _asset address.

  3. Observation:

    • Verify that assetToPay is updated to the provided address, despite the intended design where only the trustee should be allowed to set this variable.

  4. Consequence:

    • This demonstrates that the owner can override the control mechanism, thus bypassing the onlyTrustee restriction and potentially misdirecting funds in an inheritance scenario.
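The following Foundry test illustrates both the recommendation above (removing the direct assignment so that `assetToPay` is only reachable through `setAssetToPay` under `onlyTrustee`) and the PoC steps (deploy, call `createEstateNFT` as the owner, observe `assetToPay`). It is an added example, not code from the audited project: the contract, function, modifier and variable names come from this report, while the storage layout, constructor arguments, the `NotTrustee`/`NotOwner` errors, the estate bookkeeping and the addresses are assumptions constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical, minimal reconstruction used only to illustrate this report.
// Contract, function, modifier and variable names are taken from the report;
// storage layout, constructor arguments and the estate bookkeeping are assumed.
abstract contract Trustee {
    address public trustee;
    address public assetToPay;

    error NotTrustee();

    modifier onlyTrustee() {
        if (msg.sender != trustee) revert NotTrustee();
        _;
    }

    // Intended single entry point for changing assetToPay.
    function setAssetToPay(address _asset) external onlyTrustee {
        assetToPay = _asset;
    }
}

abstract contract ManagerBase is Trustee {
    address public owner;
    uint256 public nextTokenId;
    mapping(uint256 => string) public estateDescription;

    error NotOwner();

    constructor(address _trustee) {
        owner = msg.sender;
        trustee = _trustee;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }
}

// "Before": the pattern the report describes. createEstateNFT writes
// assetToPay directly, so the owner bypasses onlyTrustee.
contract InheritanceManagerVulnerable is ManagerBase {
    constructor(address _trustee) ManagerBase(_trustee) {}

    function createEstateNFT(string calldata _description, address _asset)
        external onlyOwner returns (uint256 tokenId)
    {
        tokenId = nextTokenId++;
        estateDescription[tokenId] = _description;
        assetToPay = _asset; // unguarded write flagged by the report
    }
}

// "After": the report's first recommendation. The assignment is removed and
// assetToPay can only change through Trustee.setAssetToPay.
contract InheritanceManagerHardened is ManagerBase {
    constructor(address _trustee) ManagerBase(_trustee) {}

    function createEstateNFT(string calldata _description)
        external onlyOwner returns (uint256 tokenId)
    {
        tokenId = nextTokenId++;
        estateDescription[tokenId] = _description;
    }
}

// Foundry test mirroring the PoC steps (deploy, call as owner, observe).
contract AssetToPayAccessTest is Test {
    address constant TRUSTEE = address(0xA11CE); // constructed addresses
    address constant ASSET_A = address(0xAAA);
    address constant ASSET_B = address(0xBBB);

    function testVulnerableLetsOwnerSetAssetToPay() public {
        InheritanceManagerVulnerable m = new InheritanceManagerVulnerable(TRUSTEE);
        vm.prank(TRUSTEE);
        m.setAssetToPay(ASSET_A);

        m.createEstateNFT("house", ASSET_B); // this test contract is the owner
        assertEq(m.assetToPay(), ASSET_B);   // trustee's choice was overwritten
    }

    function testHardenedKeepsTrusteeControl() public {
        InheritanceManagerHardened m = new InheritanceManagerHardened(TRUSTEE);
        vm.prank(TRUSTEE);
        m.setAssetToPay(ASSET_A);

        m.createEstateNFT("house");
        assertEq(m.assetToPay(), ASSET_A);   // unchanged by estate creation

        vm.expectRevert(Trustee.NotTrustee.selector);
        m.setAssetToPay(ASSET_B);            // owner cannot use the setter
    }
}
```

Run with `forge test` in a Foundry project that has `forge-std` installed. The first test encodes the report's observation step (the owner's call changes `assetToPay`); the second shows that, once the assignment is removed, estate creation leaves the trustee's selection untouched and the only remaining write path is guarded by `onlyTrustee`.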


Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
