Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Inherit allows any user to take control of contract

Summary

An edge case in the inherit function allows any external caller, not just a beneficiary, to become the owner of the contract.

Vulnerability Details

At line 221 (https://github.com/CodeHawks-Contests/2025-03-inheritable-smart-contract-wallet/blob/main/src/InheritanceManager.sol#L221), when the beneficiaries array has length 1, inherit assigns ownership to msg.sender without checking who msg.sender is. Once the 90-day timelock has elapsed, any address can therefore call inherit and become the owner. This means that when the intended beneficiary submits the transaction that claims ownership, a malicious user can front-run it and take the contract instead; in fact no front-running is needed, since the attacker can simply call inherit first at any point after the timelock expires.

Impact

The contract gives the owner the means to transfer out all funds. Any user can become owner when the beneficiary array has length 1 and then drain all funds from the contract.

Tools Used

n/a

Recommendations

This branch is presumably meant to pass ownership of the contract to the single trusted entity the owner designated. Since that entity is the sole entry in the beneficiaries array, it is recommended that inherit first check that msg.sender is that beneficiary (msg.sender == beneficiaries[0]) and revert otherwise, before transferring ownership.
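As an added example (not the contest's code nor the submitter's), the following minimal wallet reproduces the single-beneficiary branch of inherit as described in this finding, beside a hardened version that applies the recommended check. The storage names (owner, deadline, beneficiaries), the 90-day TIMELOCK and the error names are assumptions chosen to match the finding's description; the real InheritanceManager has more state and a multi-beneficiary branch that is deliberately omitted here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example only; assumed storage layout, not the project's own contract.
abstract contract WalletBase {
    uint256 public constant TIMELOCK = 90 days; // inactivity window from the finding
    address public owner;
    uint256 public deadline;          // last owner activity (assumed name)
    address[] public beneficiaries;   // single entry in the scenario discussed

    error InactivityPeriodNotLongEnough();
    error InvalidBeneficiaries();
    error NotOwner();
    error NotBeneficiary();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
        deadline = block.timestamp;
    }

    receive() external payable {}

    // Owner activity resets the inactivity timer.
    function addBeneficiary(address beneficiary) external onlyOwner {
        beneficiaries.push(beneficiary);
        deadline = block.timestamp;
    }

    // The owner-only sink the Impact section refers to: whoever holds
    // `owner` can move the entire balance out of the wallet.
    function sendETH(uint256 amount, address to) external onlyOwner {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function _timelockExpired() internal view returns (bool) {
        return block.timestamp >= deadline + TIMELOCK;
    }

    function inherit() external virtual;
}

// Vulnerable form: whoever calls first after the timelock becomes owner.
contract VulnerableWallet is WalletBase {
    function inherit() external override {
        if (!_timelockExpired()) revert InactivityPeriodNotLongEnough();
        if (beneficiaries.length != 1) revert InvalidBeneficiaries();
        owner = msg.sender;          // msg.sender is never compared to the beneficiary
        deadline = block.timestamp;
    }
}

// Hardened form: only the designated beneficiary may claim ownership.
contract HardenedWallet is WalletBase {
    function inherit() external override {
        if (!_timelockExpired()) revert InactivityPeriodNotLongEnough();
        if (beneficiaries.length != 1) revert InvalidBeneficiaries();
        if (msg.sender != beneficiaries[0]) revert NotBeneficiary();
        owner = msg.sender;
        deadline = block.timestamp;
    }
}
```

To reproduce the issue in a Foundry test, deploy VulnerableWallet, fund it, register one beneficiary, advance time with vm.warp(block.timestamp + 90 days), and call inherit from an unrelated address: that address becomes owner and can call sendETH with the full balance. Running the same sequence against HardenedWallet reverts with NotBeneficiary, while the listed beneficiary still inherits as intended.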

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Inherit depends on msg.sender so anyone can claim the contract
