Severity: high
Invalid

Incorrect Deadline Reset in inherit() Function

Summary

The inherit() function only resets the deadline in the single beneficiary case, creating an inconsistency in the inheritance mechanism and potential exploitation paths.

Vulnerability Details

    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 1) {
            owner = msg.sender;
            _setDeadline(); // Only called in single beneficiary case!
        } else if (beneficiaries.length > 1) {
            isInherited = true;
            // No _setDeadline() call here!
        } else {
            revert InvalidBeneficiaries();
        }
    }

Critical issues:

  1. Inconsistent Deadline Reset

    • Only single beneficiary case resets deadline

    • Multiple beneficiaries case doesn't reset deadline

    • Creates different behavior for different scenarios

    • No clear reason for this difference

  2. Exploitation Risk

    • In single beneficiary case:

      • New owner gets fresh 90-day period

      • Can prevent other claims

      • Can reset inheritance process

    • In multiple beneficiary case:

      • No deadline reset

      • No protection mechanism

      • Permanent inherited state

  3. State Inconsistency

    • Single beneficiary: Gets new deadline

    • Multiple beneficiaries: Stuck with old deadline

    • Different rules for different cases

    • No clear security model

Impact

HIGH - The vulnerability enables:

  1. Inheritance Manipulation

    • Single beneficiary can reset process

    • Multiple beneficiaries can't

    • Unfair advantage to single beneficiary

    • System state inconsistency

  2. Process Interference

    • New owner can block other claims

    • No protection for multiple beneficiaries

    • Unclear inheritance finality

    • System state confusion

Proof of Concept

    contract InheritanceTest {
        InheritanceManager target;

        function testInheritance() external {
            // Case 1: Single Beneficiary
            target.inherit();
            // Gets ownership + new 90 day period
            // Can prevent others from inheriting

            // Case 2: Multiple Beneficiaries
            target.inherit();
            // Sets isInherited = true
            // But deadline remains old
            // No protection mechanism
        }
    }

Recommendations

  1. Consistent Deadline Handling:

    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 0) {
            revert InvalidBeneficiaries();
        }
        // Handle both cases consistently
        if (beneficiaries.length == 1) {
            owner = msg.sender;
        } else {
            isInherited = true;
        }
        // Always emit event and handle deadline
        emit InheritanceTriggered(msg.sender);
        _finalizeInheritance();
    }

    function _finalizeInheritance() internal {
        // Clear deadline to prevent further inheritance
        deadline = type(uint256).max;
        // Or implement other finalization logic
    }

  2. Improve State Management:

    • Clear inheritance finality

    • Consistent deadline handling

    • Proper event emission

    • State transition safeguards

  3. Add Safety Features:

    • Grace period for claims

    • Multiple beneficiary protection

    • Clear state transitions

    • Proper access controls
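
The state transitions described in this finding can be checked with a small Foundry test. This is an added example, not code from the submission or the audited project: InheritModel is a constructed stand-in whose inherit() follows the snippet under Vulnerability Details, while the 90-day TIMELOCK constant, the bodies of getDeadline() and _setDeadline(), the pragma version and the test addresses are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
// Constructed stand-in: inherit() follows the snippet above; TIMELOCK,
// getDeadline() and _setDeadline() are assumptions (their bodies are not shown).
contract InheritModel {
    error InactivityPeriodNotLongEnough();
    error InvalidBeneficiaries();
    uint256 public constant TIMELOCK = 90 days; // assumed from "fresh 90-day period"
    address public owner = msg.sender;
    bool public isInherited;
    uint256 public deadline = block.timestamp + TIMELOCK;
    address[] public beneficiaries;
    constructor(address[] memory b) { beneficiaries = b; }
    function getDeadline() public view returns (uint256) { return deadline; }
    function _setDeadline() internal { deadline = block.timestamp + TIMELOCK; }
    function inherit() external {
        if (block.timestamp < getDeadline()) revert InactivityPeriodNotLongEnough();
        if (beneficiaries.length == 1) { owner = msg.sender; _setDeadline(); }
        else if (beneficiaries.length > 1) { isInherited = true; }
        else { revert InvalidBeneficiaries(); }
    }
}

contract InheritDeadlineTest is Test {
    // Deploys the model with n constructed beneficiary addresses and moves
    // the clock to the deadline so inherit() is callable.
    function _deploy(uint256 n) internal returns (InheritModel m) {
        address[] memory b = new address[](n);
        for (uint256 i; i < n; i++) b[i] = address(uint160(0xB0 + i));
        m = new InheritModel(b);
        vm.warp(m.getDeadline());
    }
    function test_singleBeneficiaryGetsFreshDeadline() public {
        InheritModel m = _deploy(1);
        vm.prank(address(0xB0));
        m.inherit();
        assertEq(m.owner(), address(0xB0));
        assertEq(m.getDeadline(), block.timestamp + m.TIMELOCK());
        vm.expectRevert(InheritModel.InactivityPeriodNotLongEnough.selector);
        m.inherit(); // reverts until another TIMELOCK has passed
    }
    function test_multipleBeneficiariesKeepOldDeadline() public {
        InheritModel m = _deploy(3);
        uint256 oldDeadline = m.getDeadline();
        m.inherit();
        assertTrue(m.isInherited());
        assertEq(m.getDeadline(), oldDeadline); // deadline is not reset
        m.inherit(); // no revert: the deadline is still in the past
        assertEq(m.owner(), address(this)); // ownership is not transferred
    }
}
```

Run it with `forge test` in a project that has forge-std installed.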

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
