Severity: medium
Valid

`removeBeneficiary` function: The function fails to reset the deadline timer, violating a core contract invariant.

Summary

A high-severity vulnerability has been identified in the InheritanceManager contract's removeBeneficiary function. The function does not reset the deadline timer, which violates a core contract invariant: every owner transaction must reset the 90-day timer.

Vulnerability Details

The vulnerability exists in the deadline management system:

  1. Missing Deadline Reset:

  • The removeBeneficiary function does not call _setDeadline()

  • Violates core contract assumption that all owner transactions reset the timer

  • Similar issue might exist in other owner functions like:

    • contractInteractions

    • createEstateNFT

  2. Core Assumption Violation:
    From the test and documentation:

```solidity
//SPDX-License-Identifier: MIT
pragma solidity 0.8.26;

import {Test, console} from "forge-std/Test.sol";
import {InheritanceManager} from "../src/InheritanceManager.sol";
import {ERC20Mock} from "@openzeppelin/contracts/mocks/token/ERC20Mock.sol";

contract InheritanceManagerAuditTest is Test {
    InheritanceManager im;
    ERC20Mock usdc;
    ERC20Mock weth;

    address owner = makeAddr("owner");
    address user1 = makeAddr("user1");

    function setUp() public {
        vm.prank(owner);
        im = new InheritanceManager();
        usdc = new ERC20Mock();
        weth = new ERC20Mock();
    }

    // test removeBeneficiary: does not reset the deadline
    // fix: first call '_setDeadline();' and then continue with the business logic
    function test_removeBeneficiary_dontResetDeadline() public {
        /**
        based on: ## Core Assumptions and Invariants
        1. EVERY transaction the owner does with this contract must reset the 90 days timer
        */
        // contractInteractions
        // createEstateNFT
        address user2 = makeAddr("user2");
        address user3 = makeAddr("user3");

        // Owner registers three beneficiaries
        vm.startPrank(owner);
        im.addBeneficiery(user1);
        im.addBeneficiery(user2);
        im.addBeneficiery(user3);
        vm.stopPrank();

        // Owner removes all three again
        vm.startPrank(owner);
        im.removeBeneficiary(user1);
        im.removeBeneficiary(user2);
        im.removeBeneficiary(user3);
        vm.stopPrank();

        assert(true);
    }
}
```

The test demonstrates this by:

  1. Setting up contract with three beneficiaries

  2. Owner removes all beneficiaries

  3. Deadline is not reset during these operations

  4. Core contract invariant is broken

Impact

High severity. The vulnerability allows:

  • Violation of core contract security assumptions

  • Potential premature inheritance triggers

  • Inconsistent deadline management

  • Breaking of the dead man's switch mechanism

Tools Used

  • Manual code review

  • Foundry test framework

  • Contract invariant analysis

  • Core assumptions verification

Recommendations

  1. Add deadline reset to removeBeneficiary:

```solidity
function removeBeneficiary(address beneficiary) external onlyOwner {
    // Reset deadline first
    _setDeadline();
    // Continue with existing removal logic
    // ...
}
```

  2. Audit all owner functions:

  • Review contractInteractions for deadline reset

  • Review createEstateNFT for deadline reset

  • Add deadline reset to any missing functions

  3. Implement systematic safeguards:

  • Create a modifier for owner functions that automatically resets deadline

  • Add events for deadline changes

  • Implement deadline verification checks
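
The modifier-based safeguard recommended above could look like the following sketch. It is an added example, not the InheritanceManager source: the contract name `DeadlineGuardSketch`, the `ownerAction` modifier, the `DeadlineReset` event, the `NotOwner` error and the storage layout are all assumptions; only `removeBeneficiary` and the 90-day timer come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.26;

// Added illustration, not the audited contract. Every name except
// removeBeneficiary and the 90-day timer is an assumption.
contract DeadlineGuardSketch {
    uint256 public constant TIMELOCK = 90 days;

    address public immutable owner;
    uint256 public deadline;
    address[] private beneficiaries;

    event DeadlineReset(uint256 newDeadline);

    error NotOwner();

    constructor() {
        owner = msg.sender;
        deadline = block.timestamp + TIMELOCK;
    }

    // One gate for every owner function: authorise, reset the timer, emit an
    // event, then run the body. A function that uses this modifier cannot
    // forget the reset, and a reverting body also reverts the reset.
    modifier ownerAction() {
        if (msg.sender != owner) revert NotOwner();
        deadline = block.timestamp + TIMELOCK;
        emit DeadlineReset(deadline);
        _;
    }

    function addBeneficiary(address beneficiary) external ownerAction {
        beneficiaries.push(beneficiary);
    }

    function removeBeneficiary(address beneficiary) external ownerAction {
        uint256 n = beneficiaries.length;
        for (uint256 i = 0; i < n; i++) {
            if (beneficiaries[i] == beneficiary) {
                beneficiaries[i] = beneficiaries[n - 1]; // swap-and-pop, leaves no gap
                beneficiaries.pop();
                break;
            }
        }
    }
}
```

With this pattern, auditing the invariant reduces to checking that no external state-changing function uses a bare ownership check instead of `ownerAction`.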

Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline
