Submission Details
Severity: medium
Invalid

Unilateral Trustee Appointment Vulnerability: Absence of Collective Consent in InheritanceManager Contract

Summary

The InheritanceManager contract is intended to facilitate the management of asset inheritance, including the ability for beneficiaries to appoint a trustee to reevaluate the value of on-chain assets (e.g., NFTs) when necessary. However, a significant flaw exists in the trustee appointment process: the contract does not require collective consent from beneficiaries. Instead, it permits any single beneficiary to unilaterally appoint a trustee. This contradicts the project description’s implication of an "opt-in" process requiring agreement among beneficiaries, compromising the intended collaborative decision-making framework and exposing the system to potential misuse or disputes.

Vulnerability Details

The project description states: "Should the value of the assets on-chain in NFT form be outdated, beneficiaries can opt-in to appoint a trustee to reevaluate those." This phrasing suggests a voluntary, collective process where beneficiaries must agree to the appointment of a trustee. However, the contract’s implementation deviates from this intention.

Vulnerable Code

The trustee appointment is handled by the following function:

    function appointTrustee(address _trustee) external onlyBeneficiaryWithIsInherited {
        trustee = _trustee;
    }

This function is restricted by the onlyBeneficiaryWithIsInherited modifier, defined as:

    modifier onlyBeneficiaryWithIsInherited() {
        uint256 i = 0;
        while (i < beneficiaries.length + 1) {
            if (msg.sender == beneficiaries[i] && isInherited) {
                break;
            }
            i++;
        }
        _;
    }

The modifier ensures that the caller is a listed beneficiary and that the inheritance process has been activated (isInherited == true). However, it does not enforce any form of collective decision-making.

Key Issues

  1. Unilateral Appointment:
    Any single beneficiary can appoint a trustee without input or approval from other beneficiaries. There is no mechanism to ensure collective agreement.

  2. Lack of Approval Tracking:
    The contract does not track individual beneficiary approvals or provide a way to verify consent, leaving no record of whether other beneficiaries support the trustee appointment.

Impact

  • Disputes Among Beneficiaries:
    A trustee appointed by one beneficiary without others’ knowledge or consent could lead to disagreements over the trustee’s legitimacy or actions, fracturing trust among stakeholders.

  • Deviation from Intended Design:
    The unilateral process undermines the collaborative framework intended for the inheritance system, reducing its fairness and transparency.

  • Risk of Abuse:
    A malicious or self-interested beneficiary could appoint a trustee who prioritizes their interests, potentially harming others and skewing the equitable distribution of assets.

  • Legal and Compliance Concerns:
    In jurisdictions where inheritance laws mandate collective agreement or transparency, this flaw could render the contract legally questionable or unenforceable.

Tools Used

Manual Review

Recommendations

  1. Implement a Voting Mechanism
    Replace the unilateral appointment with a voting system where beneficiaries propose and approve a trustee. The trustee should only be appointed if a predefined threshold of consent is met (e.g., majority or supermajority).

    • Proposed Functions:

      • proposeTrustee(address _trustee): Allows a beneficiary to nominate a trustee and start the voting process.

      • approveTrustee(): Enables beneficiaries to vote in favor of the proposed trustee.

      • Check the approval count against a threshold before setting the trustee variable.

  2. Track Individual Approvals
    Maintain a record of each beneficiary’s vote to ensure transparency and accountability.

    • Example Implementation:

      mapping(address => bool) public hasApprovedTrustee;

      Update this mapping when a beneficiary calls approveTrustee().
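
Recommendations 1 and 2 combined in one contract, as an added example that is not the InheritanceManager code or the project's own fix. The strict-majority threshold, the names proposedTrustee, proposalRound and approvalCount, the per-round keying of hasApprovedTrustee, and the constructor are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example, not the audited contract. Names other than beneficiaries,
// isInherited and trustee are hypothetical; the constructor is scaffolding.
contract TrusteeVoting {
    address[] public beneficiaries;
    bool public isInherited;
    address public trustee;
    address public proposedTrustee;
    uint256 public proposalRound; // incremented on every new proposal
    uint256 public approvalCount;
    // round => beneficiary => voted; keying by round discards stale approvals
    mapping(uint256 => mapping(address => bool)) public hasApprovedTrustee;

    constructor(address[] memory _beneficiaries, bool _isInherited) {
        beneficiaries = _beneficiaries;
        isInherited = _isInherited;
    }

    modifier onlyBeneficiaryWithIsInherited() {
        bool found;
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == msg.sender) { found = true; break; }
        }
        require(found && isInherited, "not an eligible beneficiary");
        _;
    }

    function proposeTrustee(address _trustee) external onlyBeneficiaryWithIsInherited {
        require(_trustee != address(0), "zero trustee"); // address(0) means "no open proposal"
        proposedTrustee = _trustee;
        proposalRound++;
        approvalCount = 0;
        _approve(); // the proposer's call counts as the first approval
    }

    function approveTrustee() external onlyBeneficiaryWithIsInherited {
        require(proposedTrustee != address(0), "no open proposal");
        _approve();
    }

    function _approve() private {
        require(!hasApprovedTrustee[proposalRound][msg.sender], "already approved");
        hasApprovedTrustee[proposalRound][msg.sender] = true;
        if (++approvalCount * 2 > beneficiaries.length) { // strict majority reached
            trustee = proposedTrustee;
            proposedTrustee = address(0);
        }
    }
}
```

In this example a new proposal replaces any pending one and resets the count, so each round's approvals apply only to the address that was actually proposed in that round.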

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
