Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

`contractInteractions` did not update deadline

gunboats

Summary

InheritanceManager::contractInteractions did not update deadline, therefore breaking invariant EVERY transaction the owner does with this contract must reset the 90 days timer

Vulnerability Details

in function contractInteractions, after external call is completed, the deadline doesn't update because there is no internal function call to setDeadline().

Impact

The deadline doesn't update and have a chance to transition into inherited mode unexpectedly.

Tools Used

Foundry

Recommendations

Add _setDeadline() after contract call

function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
++ _setDeadline();
}

And a test in InheritanceManagerTest.t.sol

function test_contractInteractionUpdatingDeadline() public {
// any contract will do
Greeter g = new Greeter();
vm.warp(1);
vm.startPrank(owner);
uint256 deadline = im.getDeadline();
im.contractInteractions(address(g), abi.encodeCall(g.greet, ()), 0, false);
uint256 deadlineAfter = im.getDeadline();
assertGt(deadlineAfter, deadline, "contractInteractions did not update deadline");
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Inherit depends on msg.sender so anyone can claim the contract

functions do not reset the deadline

constructor does not initialize deadline

Appeal created

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.