Submission Details
Severity: high
Invalid

Beneficiary Can Appoint Themselves as Trustee and Manipulate NFT Valuation for Buyout

Summary

A beneficiary can exploit the ability to appoint themselves as the trustee, allowing them to manipulate the valuation of the estate NFT. This can result in an unfair buyout where they acquire the NFT at a significantly lower price, disadvantaging other beneficiaries.

Vulnerability Details

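    // Any caller passing onlyBeneficiaryWithIsInherited can set the trustee
    // to an arbitrary address, including their own.
    function appointTrustee(address _trustee) external onlyBeneficiaryWithIsInherited {
        trustee = _trustee;
    }
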
  1. Unrestricted Trustee Appointment:

    • The appointTrustee function allows a beneficiary to appoint themselves as the trustee without restrictions.

  2. Manipulation of NFT Valuation:

    • If a beneficiary appoints themselves as the trustee, they can undervalue the NFT before triggering a buyout.

  3. Buyout at an Artificially Lower Price:

    • The buyOutEstateNFT function uses the manipulated valuation, allowing the malicious trustee to acquire the NFT at a reduced price. Other beneficiaries receive a lower payout than they should, leading to financial loss.

Impact

  • A malicious beneficiary can gain unfair control over the NFT at a lower price.

  • Other beneficiaries receive less compensation than they are entitled to.

  • The trust mechanism is compromised, reducing fairness and integrity.

Tools Used

Manual review

Recommendations

Require multi-signature approval for trustee appointments: multiple beneficiaries (or a quorum) must approve a trustee.
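
A sketch of the quorum approach recommended above, added here as an illustration; it is not code from the audited contract or from the submission. Apart from appointTrustee and trustee, every name is hypothetical, and both the strict-majority threshold and the rule that a beneficiary cannot be the trustee are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: standalone contract, not the project's inheritance manager.
contract QuorumTrusteeAppointment {
    address public trustee;
    uint256 public beneficiaryCount;
    mapping(address => bool) public isBeneficiary;
    mapping(address => mapping(address => bool)) public hasApproved; // candidate => voter
    mapping(address => uint256) public approvalCount;                // candidate => votes

    event TrusteeAppointed(address indexed trustee, uint256 approvals);

    constructor(address[] memory _beneficiaries) {
        for (uint256 i = 0; i < _beneficiaries.length; i++) {
            address b = _beneficiaries[i];
            require(b != address(0) && !isBeneficiary[b], "bad beneficiary");
            isBeneficiary[b] = true;
        }
        beneficiaryCount = _beneficiaries.length;
    }

    modifier onlyBeneficiary() {
        require(isBeneficiary[msg.sender], "not a beneficiary");
        _;
    }

    // Assumed threshold: strict majority of beneficiaries.
    function quorum() public view returns (uint256) {
        return beneficiaryCount / 2 + 1;
    }

    // Each call records one approval; the trustee changes only at quorum.
    function appointTrustee(address _trustee) external onlyBeneficiary {
        require(_trustee != address(0), "zero address");
        require(!isBeneficiary[_trustee], "trustee cannot be a beneficiary");
        require(!hasApproved[_trustee][msg.sender], "already approved");

        hasApproved[_trustee][msg.sender] = true;
        uint256 approvals = ++approvalCount[_trustee];
        if (approvals >= quorum()) {
            trustee = _trustee;
            emit TrusteeAppointed(_trustee, approvals);
        }
    }
}
```

Approvals in this sketch are never reset, so a candidate who has been replaced cannot be voted in again; a version meant for reuse would track approvals per appointment round.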

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Other
