Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Uninitialized Contract State Allows Immediate Inheritance

teoslaf

Summary

The contract's constructor fails to initialize critical state variables, allowing immediate inheritance and permanent lock scenarios from the moment of deployment.

Vulnerability Details

contract InheritanceManager {
uint256 deadline; // Defaults to 0
address[] beneficiaries; // Defaults to empty
constructor() {
owner = msg.sender;
nft = new NFTFactory(address(this));
// CRITICAL: No deadline initialization!
// CRITICAL: No beneficiary requirement!
}
function inherit() external {
if (block.timestamp < getDeadline()) { // deadline = 0
revert InactivityPeriodNotLongEnough();
}
if (beneficiaries.length == 1) {
owner = msg.sender;
_setDeadline();
} else if (beneficiaries.length > 1) {
isInherited = true;
} else {
revert InvalidBeneficiaries();
}
}
}

Critical issues:

  1. Uninitialized State

    • deadline starts at 0

    • beneficiaries starts empty

    • No initial setup required

    • Contract starts vulnerable

  2. Immediate Vulnerability

    • block.timestamp always > 0

    • Initial deadline check always passes

    • No beneficiaries causes permanent lock

    • No way to recover

  3. Race Condition

    • Owner must add beneficiary immediately

    • Anyone can call inherit() before that

    • Once locked, can't add beneficiaries

    • No recovery mechanism

Impact

CRITICAL - The vulnerability enables:

  1. Instant Lock

    • Contract vulnerable on deployment

    • No grace period for setup

    • Permanent lock possible

    • All assets at risk

  2. Deployment Failure

    • Can't safely initialize

    • Race condition on setup

    • No recovery path

    • Contract unusable

Proof of Concept

contract DeploymentTest {
function attackNewContract() external {
// 1. Owner deploys contract
InheritanceManager manager = new InheritanceManager();
// 2. Immediately after deployment:
// deadline = 0
// block.timestamp > 0 (always true)
// beneficiaries.length = 0
// 3. Try to inherit:
manager.inherit(); // Reverts with InvalidBeneficiaries
// 4. Contract permanently locked:
// - Can't add beneficiaries (needs active deadline)
// - Can't inherit (needs beneficiaries)
// - Can't recover (no mechanism)
}
}

Recommendations

  1. Proper Initialization:

constructor(address initialBeneficiary) {
require(initialBeneficiary != address(0), "Invalid beneficiary");
owner = msg.sender;
nft = new NFTFactory(address(this));
// Initialize critical state
beneficiaries.push(initialBeneficiary);
_setDeadline(); // Sets initial 90-day period
emit ContractInitialized(owner, initialBeneficiary);
}

  1. Safe Setup Period:

contract InheritanceManager {
uint256 public setupDeadline;
bool public initialized;
constructor() {
owner = msg.sender;
setupDeadline = block.timestamp + 1 days;
}
function initialize(address[] calldata _beneficiaries) external onlyOwner {
require(block.timestamp < setupDeadline, "Setup period ended");
require(!initialized, "Already initialized");
require(_beneficiaries.length > 0, "Need beneficiaries");
beneficiaries = _beneficiaries;
_setDeadline();
initialized = true;
}
function inherit() external {
require(initialized, "Not initialized");
// Rest of inherit logic...
}
}

  1. Add Safety Features:

    • Required initialization

    • Setup time window

    • Minimum beneficiary requirement

    • Clear error messages

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

constructor does not initialize deadline

Appeal created

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!