Submission Details
Severity: high
Valid

Inheritance logic flaw in inherit function (Inheritancemanager.sol)

Summary:

Hi,

I found a potential bug in the contract 'Inheritancemanager.sol': there is a flaw in the inherit function.

Vulnerability Details:

The key details of this potential vulnerability can be given as follows:

In this vulnerability, the inherit function has a logical flaw when beneficiaries.length == 1. In this case, it sets owner = msg.sender without verifying that msg.sender is the sole beneficiary. This allows any user to claim ownership of the contract after the inactivity period, even if they are not a beneficiary.

```solidity
function inherit() external {
    if (block.timestamp < getDeadline()) {
        revert InactivityPeriodNotLongEnough();
    }
@>  if (beneficiaries.length == 1) {
        owner = msg.sender;
        _setDeadline();
    } else if (beneficiaries.length > 1) {
        isInherited = true;
    } else {
        revert InvalidBeneficiaries();
    }
}
```

Impact:

An attacker could steal ownership of the contract and its funds.

Tools Used:

Manual Code Analysis + VS Code

Recommendations:

Add a check to ensure msg.sender is the sole beneficiary when beneficiaries.length == 1. Sample code for the beneficiary check is given below:

```solidity
function inherit() external {
    if (block.timestamp < getDeadline()) {
        revert InactivityPeriodNotLongEnough();
    }
    if (beneficiaries.length == 1) {
        require(msg.sender == beneficiaries[0], "Not the beneficiary");
        owner = msg.sender;
        _setDeadline();
    } else if (beneficiaries.length > 1) {
        isInherited = true;
    } else {
        revert InvalidBeneficiaries();
    }
}
```

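A Foundry regression test for the recommended fix, added here as an example; it is not part of the submission or of the project's code. The `MinimalInheritance` contract, its `addBeneficiary` helper and the 90-day inactivity period are assumptions standing in for the real `InheritanceManager.sol`; only the state and functions the finding references are modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Hypothetical minimal stand-in for InheritanceManager.sol; only the state the finding references.
contract MinimalInheritance {
    error InactivityPeriodNotLongEnough(); error InvalidBeneficiaries();
    address public owner;
    address[] public beneficiaries;
    bool public isInherited;
    uint256 private deadline;
    constructor() { owner = msg.sender; _setDeadline(); }
    // Assumed helper so the test can register a beneficiary (not the project's API).
    function addBeneficiary(address b) external { require(msg.sender == owner); beneficiaries.push(b); _setDeadline(); }
    function getDeadline() public view returns (uint256) { return deadline; }
    function _setDeadline() internal { deadline = block.timestamp + 90 days; } // assumed inactivity period
    // inherit() with the recommended sole-beneficiary check applied.
    function inherit() external {
        if (block.timestamp < getDeadline()) revert InactivityPeriodNotLongEnough();
        if (beneficiaries.length == 1) {
            require(msg.sender == beneficiaries[0], "Not the beneficiary");
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }
}

contract InheritTest is Test {
    MinimalInheritance wallet;
    address beneficiary = makeAddr("beneficiary");
    address stranger = makeAddr("stranger");
    function setUp() public {
        wallet = new MinimalInheritance(); // this test contract becomes owner
        wallet.addBeneficiary(beneficiary);
        vm.warp(block.timestamp + 90 days + 1); // inactivity period has elapsed
    }
    function test_onlySoleBeneficiaryCanInherit() public {
        vm.prank(stranger); // a non-beneficiary is rejected even after the deadline
        vm.expectRevert(bytes("Not the beneficiary"));
        wallet.inherit();
        assertEq(wallet.owner(), address(this)); // ownership unchanged
        vm.prank(beneficiary); // the sole beneficiary still inherits
        wallet.inherit();
        assertEq(wallet.owner(), beneficiary);
    }
}
```

Run with `forge test --match-test test_onlySoleBeneficiaryCanInherit`; removing the `require` line makes the first assertion fail, which is exactly the flaw the finding describes.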
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Inherit depends on msg.sender so anyone can claim the contract
