Missing Timer Reset Calls Lead to Inconsistent Inheritance Timelines in InheritanceManager
Summary
The InheritanceManager contract is designed with an invariant that any transaction initiated by the owner should reset a 90-day inactivity timer. However, the contractInteractions() and createEstateNFT() functions fail to call the internal _setDeadline() function, which is responsible for resetting this timer. This inconsistency breaks the contract's intended behavior and its core invariant.
Vulnerability Details
The InheritanceManager contract includes an internal function, _setDeadline(), which resets a 90-day inactivity timer. This function is intended to be called after every transaction made by the owner, ensuring that the timer is consistently reset and preventing premature inheritance claims.
However, the contractInteractions() and createEstateNFT() functions, both of which are callable by the owner, do not call _setDeadline(). This omission means that these functions do not reset the timer, violating the contract's invariant and potentially leading to unexpected inheritance scenarios.
Impact
break contract invariant
Tools Used
Manual review
Recommendations
Implement _setDeadline()into contractInteractions()and createEstateNFT()
Lead Judging Commences
functions do not reset the deadline
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.