Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Missing Deadline Reset in Multiple Owner Functions

0xsixeyes

Summary

Multiple owner-only functions in the InheritanceManager contract don't call _setDeadline(), violating a core invariant of the contract that every owner transaction should reset the 90-day timer.

Vulnerability Details

The README explicitly states in the Core Assumptions and Invariants:

  1. EVERY transaction the owner does with this contract must reset the 90 days timer

However, the following functions don't call _setDeadline():

  1. contractInteractions:

function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
// Function logic
// Missing _setDeadline() call
}

  1. removeBeneficiary:

function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
// Missing _setDeadline() call
}

  1. createEstateNFT:

function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
// Missing _setDeadline() call
}

Other owner functions properly reset the deadline:

Impact

HIGH

  • Directly violates a core invariant of the contract

  • Could lead to premature inheritance activation

  • Allows beneficiaries to gain access to funds earlier than intended

  • Breaks the fundamental security model of the contract

Likelihood: High

  • Occurs whenever owner uses any of these functions

  • These functions are part of normal contract operation

  • No special conditions required

  • Affects multiple key functions

Exploit Scenario:

  1. Owner sets up inheritance with multiple beneficiaries

  2. Owner regularly uses contractInteractions, removeBeneficiary, and createEstateNFT

  3. Owner assumes these interactions reset the 90-day timer (as stated in the README)

  4. However, the timer is not reset

  5. Owner goes on vacation for 3 months, expecting to return before inheritance activates

  6. Since these functions didn't reset the timer, the 90-day period expires

  7. Beneficiaries can call inherit() and gain access to funds while owner is still alive

  8. Owner loses control of their funds unexpectedly

Tools Used

  • Manual review

  • Code inspection

  • Foundry tests

Recommendations

Add the _setDeadline() call to all owner functions:

  1. For contractInteractions:

function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
_setDeadline(); // Add this line
}

  1. For removeBeneficiary:

function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
_setDeadline(); // Add this line
}

  1. For createEstateNFT:

function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
_setDeadline(); // Add this line
}

These changes would:

  • Ensure all owner transactions reset the timer

  • Maintain consistency across all owner functions

  • Uphold the core invariant stated in the README

  • Prevent premature inheritance activation

Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline

constructor does not initialize deadline

Appeal created

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.