Submission Details
Severity:
`InheritanceManager::setDeadline` is missing from `onlyOwner` functions which can lead to inheritance being triggered when unintended.
Description
In createEstateNFT, removeBeneficiary, and contractInteractions the deadline is not being reset after the owner performs actions. This does not align with the protocols intended functionality.
For the sake of this bug, assume setDeadline has been initialised correctly in the constructor.
Impact
The deadline is not reset despite the owner performing actions. This can lead to an unintended inheritance trigger.
Proof of Concept
Add the following code to InheritanceManagerTest.t.sol:
function test_createEstateNFT_doesNotResetDeadline() public {
vm.startPrank(owner);
uint256 initialDeadline = im.getDeadline();
vm.warp(block.timestamp + 10 days);
im.createEstateNFT("My House", 1000 ether, address(usdc));
uint256 newDeadline = im.getDeadline();
vm.stopPrank();
// newDeadline should be a larger value than initialDeadline
assertLe(newDeadline, initialDeadline, "setDeadline should be reset after creating estate NFT");
}
Tools Used
Manual review, Foundry
Recommended Mitigation
In order for the timer to be reset after each onlyOwner action, add the code shown below.
function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
+ _setDeadline();
}
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
+ _setDeadline();
}
function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
+ _setDeadline();
}
Updates
Lead Judging Commences
0xtimefliez 6 months ago
Submission Judgement Published Assigned finding tags:
Inherit depends on msg.sender so anyone can claim the contract
functions do not reset the deadline
constructor does not initialize deadline
Appeal created
0xtimefliez 6 months ago
Submission Judgement Published Assigned finding tags:
functions do not reset the deadline
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.