Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Zero Beneficiaries Creates Permanent Lock

teoslaf

Summary

If no beneficiaries are added to the contract and the deadline passes, the contract enters a permanently locked state where no one can access the funds - not even the original owner.

Vulnerability Details

function inherit() external {

if (block.timestamp < getDeadline()) {

revert InactivityPeriodNotLongEnough();

}

if (beneficiaries.length == 1) {

owner = msg.sender;

_setDeadline();

} else if (beneficiaries.length > 1) {

isInherited = true;

} else {

revert InvalidBeneficiaries(); // Reverts if beneficiaries.length == 0

}

Critical issues:

Deadlock Scenario
- Owner doesn't add beneficiaries
- 90 days pass
- Deadline expires
- Owner can't access funds (no deadline reset)
- No one can inherit (reverts on zero beneficiaries)
- Funds permanently locked
No Recovery Path
- Owner operations need active deadline
- inherit() reverts on zero beneficiaries
- No mechanism to reset deadline
- No emergency recovery function
- No way to add beneficiaries after lock
Affected Assets
- All ETH in contract
- All ERC20 tokens
- All NFTs
- All contract state

Impact

CRITICAL - The vulnerability enables:

Permanent Fund Lock
- All assets inaccessible
- No recovery mechanism
- Affects all contract value
- Complete loss of funds
Contract Deadlock
- No state changes possible
- Can't add beneficiaries
- Can't reset deadline
- Can't access funds

Proof of Concept

contract LockTest {

InheritanceManager target;

function demonstrateLock() external {

// 1. Deploy contract

// 2. Don't add any beneficiaries

// 3. Wait 90 days

// Now:

target.inherit(); // Reverts: "InvalidBeneficiaries"

// Owner tries to send ETH:

target.sendETH(); // Reverts: deadline passed

// Owner tries to add beneficiary:

target.addBeneficiary(); // Reverts: deadline passed

// Result: All funds permanently locked

}

Recommendations

Add Zero Beneficiary Protection:

function inherit() external {

if (block.timestamp < getDeadline()) {

revert InactivityPeriodNotLongEnough();

}

// Allow owner recovery if no beneficiaries

if (beneficiaries.length == 0) {

require(msg.sender == owner, "Only owner");

_setDeadline();

return;

}

// Normal inheritance logic

if (beneficiaries.length == 1) {

owner = msg.sender;

_setDeadline();

} else {

isInherited = true;

}

Add Emergency Recovery:

function emergencyRecover() external {

require(msg.sender == owner, "Only owner");

require(beneficiaries.length == 0, "Has beneficiaries");

_setDeadline();

emit EmergencyRecovery(owner);

}

Enforce Beneficiary Requirements:

constructor() {

owner = msg.sender;

_setDeadline();

require(_addInitialBeneficiary(), "Must add beneficiary");

}

function _addInitialBeneficiary() internal returns (bool) {

// Logic to ensure at least one beneficiary

}

Add Safety Features:
- Minimum beneficiary requirement
- Emergency recovery mechanism
- Clear state transitions
- Proper event logging

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!