Inheritable Smart Contract Wallet

Root Cause: Unrestricted arbitrary external calls by the owner allow a misbehaving target contract to revert or manipulate return data.
Impact: Potential denial-of-service, unforeseen state changes, and disruption of fund management.

Summary

The contractInteractions function allows the owner to execute arbitrary calls to external contracts with an option to store the return data. Although the function includes a custom reentrancy guard, the unrestricted nature of these calls introduces risk. A malicious external contract may intentionally revert or execute harmful logic that could prevent the successful completion of critical operations, potentially locking funds or altering contract state unexpectedly.

Vulnerability Details

• Function Under Review:

  function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)

  external

  nonReentrant

  onlyOwner

  {

  (bool success, bytes memory data) = _target.call{value: _value}(_payload);

  require(success, "interaction failed");

  if (_storeTarget) {

  interactions[_target] = data;

  }

  }

• Issue:
  The function allows the owner to make arbitrary external calls. Although a reentrancy guard is applied, there is no restriction on the behavior of the called contract. If the external contract is malicious or poorly implemented, it can force the call to revert or return unexpected data, thus potentially locking the function or altering expected behavior.

• Economic Risk:
  If critical interactions (such as those involving asset transfers or state updates) are blocked or manipulated, beneficiaries or the owner may be prevented from correctly managing or accessing funds, which could result in asset loss or misallocation.

Root Cause

The core issue arises from allowing an unrestricted arbitrary external call via call{}. Even with reentrancy protection, there are no controls on:

• The target contract’s behavior.

• Validity or sanity of the returned data.

• The potential for a revert that stops the execution of crucial functions.

This lack of input validation and target restriction means that if the owner accidentally (or intentionally) interacts with a malicious contract, it could lead to unforeseen side effects or a complete halt in contract functionality.

Tools Used

• Foundry:

• Static Analysis: slither

Mitigation

1. Restrict External Calls:

   • Limit the set of allowed target contracts (e.g., via an allowlist) to prevent arbitrary external calls.

2. Input Validation:

   • Validate the payload and target address before executing the call.

3. Review Reentrancy Guards:

   • Although the current nonReentrant modifier uses transient storage for gas efficiency, consider a more standardized implementation (such as OpenZeppelin’s ReentrancyGuard) to reduce risks from unforeseen behavior.