Submission Details
Severity: high
Valid

Ownership rights may be taken away when inheriting.

Summary

Ownership rights may be taken away when inheriting.

Vulnerability Details

The inherit function is exposed externally and does not check whether the caller is a beneficiary.

    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 1) {
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }

Therefore, the inherit function can be called by an attacker who is neither the owner nor a beneficiary.

Attack example:

When only one beneficiary is set.

The attacker waits for the inheritance deadline (90 days) or uses a bot to call the inherit function before anyone else.

    if (beneficiaries.length == 1) {
        owner = msg.sender;
        _setDeadline();
    }

Because of the code above, the attacker's address is set as the owner.
Once set as the owner, the attacker can steal the funds.

Impact

The attacker's address can be set as the owner; once it is, the attacker can steal the funds.

Tools Used

Manual Review

Recommendations

Add a modifier to the inheritance-related functions that checks whether the caller is a beneficiary.
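
One way to apply this recommendation, as an added sketch that is not the audited project's code. The contract name, storage layout, constructor, the NotBeneficiary error and the onlyBeneficiary modifier are assumptions; only inherit() and the identifiers it uses come from the snippet quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch, not the audited contract. Storage layout, the constructor,
// NotBeneficiary and onlyBeneficiary are assumptions made for illustration.
contract InheritanceSketch {
    error InactivityPeriodNotLongEnough();
    error InvalidBeneficiaries();
    error NotBeneficiary(address caller); // hypothetical

    address public owner;
    address[] public beneficiaries;
    bool public isInherited;
    uint256 private deadline;

    constructor(address[] memory initialBeneficiaries) {
        owner = msg.sender;
        beneficiaries = initialBeneficiaries;
        _setDeadline();
    }

    // Hypothetical modifier: revert unless msg.sender is a listed beneficiary.
    modifier onlyBeneficiary() {
        bool found;
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == msg.sender) { found = true; break; }
        }
        if (!found) revert NotBeneficiary(msg.sender);
        _;
    }

    function getDeadline() public view returns (uint256) { return deadline; }

    // 90 days is the inheritance deadline the finding mentions.
    function _setDeadline() internal { deadline = block.timestamp + 90 days; }

    // Logic unchanged from the quoted inherit(); only the modifier is new.
    function inherit() external onlyBeneficiary {
        if (block.timestamp < getDeadline()) revert InactivityPeriodNotLongEnough();
        if (beneficiaries.length == 1) {
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            isInherited = true;
        } else {
            revert InvalidBeneficiaries(); // unreachable with the modifier: an empty list has no valid caller
        }
    }
}
```

With the modifier in place, a call from an address outside the beneficiaries array reverts before the owner assignment is reached, so the single-beneficiary branch can only hand ownership to that beneficiary.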

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Inherit depends on msg.sender so anyone can claim the contract
