Submission Details
Severity: low
Valid

Multiple calls to createEstateNFT overwrite the value of assetToPay

Summary

The InheritanceManager:assetToPay variable is overwritten each time InheritanceManager:createEstateNFT is called. If you create one NFT to be paid in DAI and a second to be paid in LINK, calling InheritanceManager:buyOutEstateNFT for the first NFT would result in LINK being paid out instead of DAI.

Vulnerability Details

The following test shows that assetToPay gets overwritten if createEstateNFT is called more than once.

function checkAssetToPay() public {
    address USDC = 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48;
    address LINK = 0x514910771AF9Ca656af840dff83E8264EcF986CA;
    // First NFT is meant to be paid in USDC, the second in LINK.
    inheritanceManager.createEstateNFT("nft1", 10, USDC);
    inheritanceManager.createEstateNFT("nft2", 10, LINK);
    // Passes because the second call replaced the USDC value stored by the first.
    Assert.notEqual(inheritanceManager.getAssetToPay(), USDC, "assetToPay was not overwritten");
}

Impact

Beneficiaries would be paid in an incorrect token, which could be valued differently from the intended assetToPay token.

Tools Used

Remix

Recommendations

Add a new mapping to the Trustee contract to keep track of the assetToPay for each NFT:

mapping(uint256 NftIndex => address assetToPay) nftAssetToPay;
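The recommendation above, sketched as an added example that is not the audited project's code: a simplified contract that records the payment token per NFT id next to the single shared variable the finding describes. The contract name, the id counter, nftValue, assetFor and the custom errors are assumptions made for illustration, and minting is left out.

```solidity
// SPDX-License-Identifier: MIT
// Added illustration only; simplified, not the audited contracts.
pragma solidity ^0.8.18; // named mapping parameters need 0.8.18 or later

contract EstateAssetSketch {
    // Before: one storage slot shared by every NFT, so the last create call wins.
    address public assetToPay;

    // After: the payment token is recorded per NFT id, as the finding recommends.
    mapping(uint256 NftIndex => address assetToPay) public nftAssetToPay;
    mapping(uint256 NftIndex => uint256 value) public nftValue; // hypothetical

    uint256 private nextNftId = 1; // hypothetical id counter, ids start at 1

    error UnknownNft(uint256 nftId);
    error ZeroAsset();

    // Same argument order as the call in the finding's test:
    // (description, value, asset). The description is unused here because
    // minting and metadata are omitted from this sketch.
    function createEstateNFT(string calldata, uint256 value, address asset)
        external
        returns (uint256 nftId)
    {
        // Reject the zero address so it can serve as the "not set" marker below.
        if (asset == address(0)) revert ZeroAsset();
        nftId = nextNftId++;
        nftValue[nftId] = value;
        nftAssetToPay[nftId] = asset; // written once per id, never replaced
        assetToPay = asset;           // shared slot, kept only to show the overwrite
    }

    // Token that a buy-out of `nftId` has to be settled in. A buy-out routine
    // would read this instead of the shared assetToPay variable.
    function assetFor(uint256 nftId) public view returns (address asset) {
        asset = nftAssetToPay[nftId];
        if (asset == address(0)) revert UnknownNft(nftId);
    }
}
```

After two create calls with different tokens, assetFor(1) still returns the first token while assetToPay holds the second, which is the mismatch the test in this finding detects.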

Updates

Lead Judging Commences

0xtimefliez Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

global asset in NFT values
