Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

`contractInteractions` function design is not useful

gunboats

Summary

InheritanceManager::contractInteractions function design requires owner to do multiple transaction in case of sending ETH in the interactions and recording interaction is quite costly and not useful for beneficiaries.

Vulnerability Details

  1. contractInteractions does not have payable modifier inside, meaning that in order to do interaction that require ETH with it needlessly required two interactions. (top up and interact)

  2. Recording data returned from interactions is not helpful for beneficiaries as it other interaction to withdraw require different data anyway and interactions is not a public getter. Therefore it is wasting gas writing to storage for no reason.

Impact

The user experience is worsen from those design.

Tools Used

Foundry

Recommendations

Change the function to the following

// use msg.value instead and make function payable
--function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
++function contractInteractions(address _target, bytes calldata _payload)
external
++ payable
nonReentrant
onlyOwner
{
++ (bool success, ) = _target.call{value: msg.value}(_payload);
require(success, "interaction failed");
-- if (_storeTarget) {
-- interactions[_target] = data;
-- }
++ emit ContractInteraction(_target, msg.value, _payload);

Remove interactions state mapping and add events in InheritanceManager

--mapping(address protocol => bytes) interactions;
++event ContractInteraction(address indexed target, uint256 value, bytes payload);
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.