Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

NFT Asset Management Vulnerabilities in Inheritance System

teoslaf

Summary

The NFT-based asset management system in InheritanceManager has several vulnerabilities related to asset valuation, buyout mechanisms, and interactions with the inheritance process.

Vulnerability Details

The NFT system involves several interacting components:

// In InheritanceManager.sol
function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
}
function buyOutEstateNFT(uint256 _nftID) external onlyBeneficiaryWithIsInherited {
uint256 value = nftValue[_nftID];
uint256 divisor = beneficiaries.length;
uint256 multiplier = beneficiaries.length - 1;
uint256 finalAmount = (value / divisor) * multiplier;
IERC20(assetToPay).safeTransferFrom(msg.sender, address(this), finalAmount);
for (uint256 i = 0; i < beneficiaries.length; i++) {
if (msg.sender == beneficiaries[i]) {
return;
} else {
IERC20(assetToPay).safeTransfer(beneficiaries[i], finalAmount / divisor);
}
}
nft.burnEstate(_nftID);
}

Critical issues:

  1. Asset Value Management

    • No validation on NFT value when set

    • Single assetToPay for all NFTs

    • No mechanism to update values over time

    • Values can be manipulated via contractInteractions

  2. Buyout Mechanism Flaws

    • Calculation can be manipulated

    • No checks for division by zero

    • Potential for decimal truncation losses

    • No validation of asset payment token

  3. NFT Control Issues

    • NFTs can be created until inheritance

    • No limit on number of NFTs

    • Burning mechanism lacks proper checks

    • No transfer restrictions during inheritance

Impact

HIGH - The vulnerability enables:

  1. Value Manipulation

    • Owner can set arbitrary values

    • No price oracle integration

    • Values can become stale

    • Potential for undervalued buyouts

  2. Asset Distribution Problems

    • Unfair distribution of buyout proceeds

    • Potential for lost value in calculations

    • Race conditions in buyout process

    • Token approval exploits

  3. System Abuse

    • Creation of unlimited NFTs

    • Manipulation of asset payment token

    • Exploitation of buyout mechanism

    • Interference with inheritance process

Tools Used

  • Manual code review

Recommendations

  1. Improve Value Management:

contract InheritanceManager {
struct NFTAsset {
uint256 value;
address paymentToken;
uint256 lastUpdate;
address oracle; // Optional price feed
}
mapping(uint256 => NFTAsset) public nftAssets;
function createEstateNFT(
string memory _description,
uint256 _value,
address _paymentToken,
address _oracle
) external onlyOwner {
require(_value > 0, "Invalid value");
require(_paymentToken != address(0), "Invalid token");
uint256 nftID = nft.createEstate(_description);
nftAssets[nftID] = NFTAsset({
value: _value,
paymentToken: _paymentToken,
lastUpdate: block.timestamp,
oracle: _oracle
});
emit NFTCreated(nftID, _value, _paymentToken);
}
}

  1. Enhance Buyout Safety:

    • Add proper value validation

    • Implement safe math operations

    • Add slippage protection

    • Implement proper token approval checks

  2. Structural Improvements:

    • Add value update mechanism

    • Implement price oracle integration

    • Add NFT transfer restrictions

    • Create proper asset management roles

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

truncation of integers

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!