Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Multiple owner-only functions do not reset inheritance deadline, violating core contract invariant

0xWithdrawers

Description

According to the README documentation, a core invariant of the contract is:

## Core Assumptions and Invariants
1. EVERY transaction the owner does with this contract must reset the 90 days timer

However, several functions that are restricted to the owner using the onlyOwner modifier do not reset the 90-day inactivity timer by calling _setDeadline(). This creates an inconsistency in the contract's behavior and violates a fundamental design principle.

The following owner-only functions correctly reset the timer:

  • sendERC20()

  • sendETH()

  • addBeneficiery()

But these owner-only functions do not:

  • contractInteractions()

  • createEstateNFT()

  • removeBeneficiary()

function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
// Missing _setDeadline();
}
function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
// Missing _setDeadline();
}
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
// Missing _setDeadline();
}

Impact

This vulnerability has several significant impacts:

  1. Premature Inheritance: The owner could be actively using the contract through these functions, but if they don't call any of the functions that reset the timer, beneficiaries might be able to trigger inheritance after 90 days despite the owner still being active.

  2. Contract Invariant Violation: A core invariant of the contract is violated, which means the contract doesn't behave as documented or intended.

Risk Assessment

This vulnerability is classified as HIGH severity because:

  1. It directly violates a documented core invariant of the contract

  2. It could lead to premature triggering of inheritance against the owner's intent

  3. It affects critical functions including contractInteractions, which is a gateway to arbitrary external interactions

  4. The consequences of unintended inheritance could be significant, potentially involving substantial financial assets

Recommendation

Add _setDeadline() to all functions that are accessible only to the owner. Specifically, update the following functions:

function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
_setDeadline(); // Add this line
}
function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
_setDeadline(); // Add this line
}
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
_setDeadline(); // Add this line
}

Additionally, consider implementing a modifier that automatically calls _setDeadline() for all owner-only functions to ensure this invariant is maintained even if new functions are added:

modifier onlyOwnerAndResetDeadline() {
if (msg.sender != owner) {
revert NotOwner(msg.sender);
}
_;
_setDeadline();
}

Then replace the onlyOwner modifier with onlyOwnerAndResetDeadline in all relevant functions to ensure consistent behavior.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!