Inactivity Timer Not Resetting on Owner Transactions
Summary
The contract has a vulnerability where the 90-day inactivity timer is not reset on certain transactions performed by the owner. This allows the owner to be incorrectly flagged as inactive, which could trigger inheritance mechanisms prematurely. Specifically, creating an NFT for real-world assets does not reset the inactivity timer, leading to an unintended inheritance state.
Vulnerability Details
In the createEstateNFT function, the owner creates an estate NFT and assigns values to it, but the function does not update or reset the inactivity timer. As a result, if the owner performs any transactions that are meant to be active (such as creating an NFT), the contract will still consider the owner inactive if 90 days have passed since their last valid action.
This could lead to a situation where the owner, despite taking actions like creating new NFTs, could be falsely marked as inactive, potentially triggering unintended inheritance or asset transfer processes.
Impact
If this vulnerability is exploited, the contract may incorrectly trigger inheritance mechanisms, allowing the beneficiaries to claim the assets when the owner is still active, thereby violating the expected behavior and logic of the system.
Tools Used
Manual code review
Recommendations
Update the createEstateNFT function to trigger a reset of the inactivity timer.
Lead Judging Commences
functions do not reset the deadline
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.