Severity: medium
Valid

The InheritanceManager contract functions contractInteractions, createEstateNFT, and removeBeneficiary do not update the deadline via _setDeadline, breaking the protocol invariant.

Description: The functions contractInteractions, createEstateNFT, and removeBeneficiary in the InheritanceManager contract do not call _setDeadline to update the deadline when executed by the owner. As a result, the 90-day timer after which the contract can be inherited is not updated to reflect the owner's last activity. This allows premature inheritance, which compromises the intended behaviour of the protocol (every transaction the owner does with this contract must reset the 90 days timer).

Impact: The beneficiaries can claim their inheritance earlier than the expected 90-day inactivity period of the owner, potentially leading to unintended transfer of assets.

Proof of Concept

  1. Owner adds a beneficiary.

  2. _setDeadline is triggered to update the deadline to the current block.timestamp plus 90 days.

  3. Owner removes a beneficiary or creates an estate NFT or interacts with an external contract.

  4. _setDeadline is not triggered to update the deadline.

  5. Beneficiary calls getDeadline, which returns the deadline as the time of the initial add beneficiary transaction plus 90 days.

Code:
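```solidity
// Foundry test. `im`, `owner`, `user1` and `usdc` are assumed to be set up by the
// surrounding test contract, which is not shown on the page.
function test_deadlineNotUpdated() public {
    vm.deal(address(im), 10e18);
    address user2 = makeAddr("user2");
    address user3 = makeAddr("user3");
    bytes memory _payLoad = bytes("send 1ETH");
    address _targetContract = makeAddr("targetContract");

    // Owner activity at t = 100: addBeneficiery sets the deadline to t + 90 days.
    vm.warp(100);
    vm.startPrank(owner);
    im.addBeneficiery(user1);
    im.addBeneficiery(user2);
    im.addBeneficiery(user3);
    vm.stopPrank();
    uint256 expectedDeadline = 100 + 90 days;
    console.log("Deadline after adding beneficiaries: ", im.getDeadline());
    console.log("Expected deadline: ", expectedDeadline);

    // Move 10 days forward. vm.warp takes an absolute timestamp, so the
    // starting time of 100 has to be included.
    vm.warp(100 + 10 days);
    vm.startPrank(owner);
    im.createEstateNFT("our beach-house", 200000e18, address(usdc));
    im.removeBeneficiary(user3);
    im.contractInteractions(_targetContract, _payLoad, 1e18, false);
    vm.stopPrank();

    // Had any of the three calls reset the timer, the deadline would have
    // moved forward by the same 10 days.
    expectedDeadline += 10 days;
    uint256 deadline = im.getDeadline();
    console.log("Deadline after removing beneficiary: ", deadline);
    console.log("Expected deadline: ", expectedDeadline);

    // Holds on the unpatched contract: the deadline is still 100 + 90 days.
    assert(deadline != expectedDeadline);
}
```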

Tools Used

  • Manual Review

Recommended Mitigation: Have the functions contractInteractions, createEstateNFT, and removeBeneficiary in the InheritanceManager contract update the deadline by calling _setDeadline.

function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
+ _setDeadline();
}
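
Review bot: In contractInteractions the new `_setDeadline();` sits after `_target.call{value: _value}(_payload)`, so the target contract executes while the old deadline is still in storage. Move the call to the top of the function body, before the external call, so the state update precedes the interaction; a failed call still reverts the reset through `require(success, "interaction failed")`.
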
function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
+ _setDeadline();
}
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
+ _setDeadline();
}
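
The recommendation adds the call to three functions by hand, so a later owner function can miss it again. One way to make the invariant from the description ("every transaction the owner does with this contract must reset the 90 days timer") hold by construction, as an added example that is not code from the audited project: `OwnerActivityTimer`, `ownerActivity`, `TIMELOCK` and the simplified function signatures are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed stand-in, not the audited InheritanceManager: it models only the
/// owner-activity timer so that the reset lives in exactly one place.
contract OwnerActivityTimer {
    uint256 public constant TIMELOCK = 90 days;
    address public immutable owner;
    uint256 private deadline;
    address[] private beneficiaries;

    error NotOwner();

    constructor() {
        owner = msg.sender;
        deadline = block.timestamp + TIMELOCK;
    }

    /// Hypothetical modifier: authorises the owner and resets the timer before
    /// the function body runs, so the reset precedes any external call in the
    /// body. If the body reverts, the reset is rolled back with it.
    modifier ownerActivity() {
        if (msg.sender != owner) revert NotOwner();
        deadline = block.timestamp + TIMELOCK;
        _;
    }

    function addBeneficiary(address beneficiary) external ownerActivity {
        beneficiaries.push(beneficiary);
    }

    function contractInteraction(address target, bytes calldata payload)
        external
        payable
        ownerActivity
        returns (bytes memory)
    {
        (bool ok, bytes memory data) = target.call{value: msg.value}(payload);
        require(ok, "interaction failed");
        return data;
    }

    function getDeadline() external view returns (uint256) {
        return deadline;
    }

    /// True once the owner has been inactive for the full timelock.
    function inheritable() external view returns (bool) {
        return block.timestamp >= deadline;
    }
}
```
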
Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline