Submission Details
Severity:
`contractInteractions` did not update deadline
Summary
InheritanceManager::contractInteractions did not update deadline, therefore breaking invariant EVERY transaction the owner does with this contract must reset the 90 days timer
Vulnerability Details
in function contractInteractions, after external call is completed, the deadline doesn't update because there is no internal function call to setDeadline().
Impact
The deadline doesn't update and have a chance to transition into inherited mode unexpectedly.
Tools Used
Foundry
Recommendations
Add _setDeadline() after contract call
function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
++ _setDeadline();
}
And a test in InheritanceManagerTest.t.sol
function test_contractInteractionUpdatingDeadline() public {
// any contract will do
Greeter g = new Greeter();
vm.warp(1);
vm.startPrank(owner);
uint256 deadline = im.getDeadline();
im.contractInteractions(address(g), abi.encodeCall(g.greet, ()), 0, false);
uint256 deadlineAfter = im.getDeadline();
assertGt(deadlineAfter, deadline, "contractInteractions did not update deadline");
}
Updates
Lead Judging Commences
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
Inherit depends on msg.sender so anyone can claim the contract
functions do not reset the deadline
constructor does not initialize deadline
Appeal created
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
functions do not reset the deadline
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.