Submission Details
Severity:
Transfer of inheritance because of nonvalidation of deadline in removeBeneficiary function()
Summary
The rules says:
Every action by the owner should reset the deadline to prevent premature inheritance. So.
If the owner removes a beneficiary, it is still an interaction with the contract and should count as "activity."
If
_setDeadline()is missing, an owner could remove a beneficiary but still lose access after 90 days, even if they were just managing the contract.
Vulnerability Details
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
}
Impact
90 days countdown non-validation will lead to transfer of inheritence.
Tools Used
Mannual review
Recommendations
function removeBeneficiary(address _beneficiary) external onlyOwner
{
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
_setDeadline(); // Reset the 90-day timer
}
Updates
Lead Judging Commences
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
Inherit depends on msg.sender so anyone can claim the contract
functions do not reset the deadline
constructor does not initialize deadline
Appeal created
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
functions do not reset the deadline
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.