The createEstate function in the NFTFactory contract sets token URI metadata without validating the format or structure of the provided description parameter. The function directly passes this user input to the _setTokenURI function from the inherited ERC721URIStorage contract. Without proper validation, invalid URI formats can be permanently associated with minted NFTs, potentially rendering their metadata inaccessible.
Given the clarification that these NFTs are a supplementary feature rather than the core functionality of the inheritance system, the impact is moderate:
- Metadata Inaccessibility: Invalid URIs would still cause NFT metadata to be inaccessible, but this would primarily affect the optional settlement of real-life asset claims rather than the core inheritance functionality.
- Limited Utility for Optional Feature: The optional on-chain settlement of real-life asset claims would be hindered if NFTs have invalid metadata, reducing the utility of this supplementary feature.
- User Experience: Beneficiaries attempting to use the NFT feature for settling claims may face confusion or frustration if metadata is inaccessible.
- Reputational Risk: Broken functionality could affect user trust in the overall system.
The severity is low since the primary functionality (inheritance of funds after 90 days of inactivity) remains unaffected by this issue.
Several scenarios could lead to metadata inaccessibility:
- The InheritanceManager might input a malformed URI (e.g., htp://example.com/metadata/1 instead of http://example.com/metadata/1).
- The description might be set to a non-URI string (e.g., "Grandpa's House" instead of a proper URI link).
- The URI might point to an invalid IPFS hash or an incorrect gateway URL structure.
Since this feature is intended to be simple to use, users might not understand URI formatting requirements, increasing the likelihood of errors.
Given the auxiliary nature of this feature, pragmatic mitigations include:
- Add basic URI format validation to catch obvious errors (e.g., check whether the string starts with a common URI prefix such as "http://", "https://", or "ipfs://").
- Create a simple URI template system where users can input plain-text descriptions that are automatically converted to proper URIs.
- Include clear documentation about the expected format for the description parameter.
- Consider allowing a metadata update mechanism (with appropriate access controls) so the InheritanceManager can correct issues if they arise.
- Add informative error messages if invalid URI formats are detected.
- Consider implementing a two-step process where URIs are first validated before being committed to the NFT.
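The following contract is an added illustration of the first and fourth mitigations (prefix validation before _setTokenURI, plus an access-controlled update path). It is not the audited NFTFactory source; the contract name, the inheritanceManager storage variable, the custom errors and the updateEstateURI function are assumptions made for the example, and it builds on OpenZeppelin's ERC721URIStorage as the finding describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";

// Hypothetical factory written for this example; names are not from the audited code base.
contract EstateNFTExample is ERC721URIStorage {
    uint256 private _nextId;
    address public inheritanceManager; // assumed: the only caller allowed to mint or fix URIs

    // Informative errors so a rejected description is obvious from the revert reason.
    error InvalidTokenURI(string uri);
    error NotInheritanceManager();

    constructor(address manager) ERC721("Estate", "EST") {
        inheritanceManager = manager;
    }

    // Mitigation 1: accept only descriptions that begin with a recognised URI scheme.
    // This catches "htp://..." and plain text such as "Grandpa's House"; it cannot
    // tell whether the resource behind a well-formed URI actually resolves.
    function _hasValidScheme(string memory uri) internal pure returns (bool) {
        bytes memory b = bytes(uri);
        return _startsWith(b, "http://")
            || _startsWith(b, "https://")
            || _startsWith(b, "ipfs://");
    }

    function _startsWith(bytes memory b, bytes memory prefix) private pure returns (bool) {
        if (b.length < prefix.length) return false;
        for (uint256 i = 0; i < prefix.length; i++) {
            if (b[i] != prefix[i]) return false;
        }
        return true;
    }

    // Validate before the URI is committed to storage, so a bad value is never minted.
    function createEstate(address beneficiary, string calldata description)
        external
        returns (uint256)
    {
        if (msg.sender != inheritanceManager) revert NotInheritanceManager();
        if (!_hasValidScheme(description)) revert InvalidTokenURI(description);

        uint256 tokenId = ++_nextId;
        _safeMint(beneficiary, tokenId);
        _setTokenURI(tokenId, description);
        return tokenId;
    }

    // Mitigation 4: an access-controlled correction path for URIs that pass the
    // prefix check but still turn out to be wrong (e.g. a mistyped IPFS hash).
    function updateEstateURI(uint256 tokenId, string calldata newURI) external {
        if (msg.sender != inheritanceManager) revert NotInheritanceManager();
        if (!_hasValidScheme(newURI)) revert InvalidTokenURI(newURI);
        ownerOf(tokenId); // reverts if the token has not been minted
        _setTokenURI(tokenId, newURI);
    }
}
```

The prefix check is deliberately cheap: it rejects the two malformed-input scenarios above at mint time, but an on-chain contract cannot verify that an IPFS hash or gateway path resolves, which is why the update function is paired with it rather than relying on validation alone.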
These lightweight mitigations would improve the reliability of the supplementary NFT feature without overcomplicating the system, while ensuring the core inheritance functionality remains the primary focus.