Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Inadequate Deadline Enforcement in inherit() Function

rare__one

Summary

The inherit() function in the InheritanceManager.sol contract contains a vulnerability related to the enforcement of the inactivity period deadline. The condition block.timestamp < getDeadline() allows inheritance to occur exactly at the deadline (block.timestamp == deadline), which may lead to unintended behavior or exploitation if the deadline is not carefully managed. This could result in premature inheritance or improper access control.

Vulnerability Details

The inherit() function is designed to allow beneficiaries to inherit ownership or trigger inheritance logic after a specified inactivity period (TIMELOCK). However, the function uses the condition block.timestamp < getDeadline() to enforce the deadline. This condition allows the function to proceed when block.timestamp == deadline, meaning inheritance can occur exactly at the deadline.

The _setDeadline() function sets the deadline as follows:

function _setDeadline() internal {

deadline = block.timestamp + TIMELOCK;

}

If TIMELOCK is set to 90 days, the deadline will be 90 days after the last call to _setDeadline(). The inherit() function will proceed if block.timestamp >= deadline, including the exact moment when block.timestamp == deadline.

This behavior introduces the following risks:

Premature Inheritance: If the deadline is not carefully managed, inheritance could occur earlier than intended.
Exploitation of Exact Deadline: An attacker could front-run the transaction to trigger inheritance exactly at the deadline, potentially bypassing intended safeguards.

Proof of Concept (PoC)

Assume TIMELOCK = 90 days and _setDeadline() is called on day 0,setting deadline = day 90.
An attacker monitors the blockchain and prepares a transaction to call inherit() exactly at block.timestamp = day 90.
When block.timestamp == deadline, the condition block.timestamp < deadline evaluates to false, and the function proceeds.
The attacker successfully triggers inheritance, potentially gaining control of the contract or its assets before legitimate beneficiaries.

Impact

Loss of Access Control: If inheritance occurs prematurely or at an unintended time, it could lead to unauthorized changes in ownership or contract state.
Front-Running Attacks: An attacker could monitor the blockchain and submit a transaction to trigger inheritance exactly at the deadline, gaining control before legitimate beneficiaries.
Financial Loss: Improper inheritance could result in financial losses for legitimate beneficiaries or stakeholders.

Tools Used

Recommendations

To mitigate this vulnerability, the condition in the inherit() function should be updated to ensure inheritance can only occur after the deadline, not exactly at the deadline. Replace:

if (block.timestamp < getDeadline()) {

revert InactivityPeriodNotLongEnough();

}

With

if (block.timestamp <= getDeadline()) {

revert InactivityPeriodNotLongEnough();

}

This change ensures that inheritance can only occur when block.timestamp > deadline, preventing exploitation at the exact deadline.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.