The inherit function lacks any access control mechanism, permitting anyone to call it after 90 days of owner inactivity. If there is exactly one beneficiary, the caller becomes the new owner of the contract, enabling an unauthorized party to gain full control. This undermines the intended inheritance logic and exposes the contract to a critical security risk.
The following function is marked `external` with no restriction on who can call it. After 90 days of inactivity, any address can call it.
In the case `beneficiaries.length == 1`, the caller (`msg.sender`) is assigned as the new owner, and the deadline is reset via `_setDeadline()`. This allows the new owner to execute privileged functions such as `sendETH`, `sendERC20`, and `contractInteractions`.
An attacker can take over the contract if there’s one beneficiary, gaining access to all assets and control functions, effectively locking out the original owner and beneficiary.
Tools used: manual code review.
Recommendation: restrict the `inherit` function to the owner or a beneficiary.
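As an added illustration (not the audited contract's code), the minimal Solidity sketch below places the unrestricted `inherit` pattern described in this finding next to a hardened version that applies the beneficiary half of the recommendation: only a registered beneficiary may trigger inheritance, and ownership passes to the recorded beneficiary rather than to `msg.sender`. The state variables, `TIMELOCK` constant and helper names are assumptions modelled on the wording of the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration of the access-control issue; not the audited contract.
// Names (owner, beneficiaries, deadline, TIMELOCK) are assumptions modelled on the finding.
contract InheritanceSketch {
    uint256 public constant TIMELOCK = 90 days;
    address public owner;
    address[] public beneficiaries;
    uint256 public deadline;
    error NotBeneficiary();
    error TimelockNotExpired();

    constructor(address[] memory _beneficiaries) {
        owner = msg.sender;
        beneficiaries = _beneficiaries;
        _setDeadline();
    }

    function _setDeadline() internal {
        deadline = block.timestamp + TIMELOCK;
    }

    // Vulnerable pattern: any address may call once the timelock has passed, and
    // with a single beneficiary msg.sender (whoever that is) becomes the new owner.
    function inheritUnrestricted() external {
        if (block.timestamp < deadline) revert TimelockNotExpired();
        if (beneficiaries.length == 1) {
            owner = msg.sender;
            _setDeadline();
        }
    }

    // Hardened pattern: only a registered beneficiary may trigger inheritance,
    // and ownership passes to the recorded beneficiary rather than to msg.sender.
    function inherit() external {
        if (block.timestamp < deadline) revert TimelockNotExpired();
        if (!_isBeneficiary(msg.sender)) revert NotBeneficiary();
        if (beneficiaries.length == 1) {
            owner = beneficiaries[0];
            _setDeadline();
        }
    }

    function _isBeneficiary(address who) internal view returns (bool) {
        for (uint256 i = 0; i < beneficiaries.length; i++) {
            if (beneficiaries[i] == who) return true;
        }
        return false;
    }
}
```

The hardened `inherit` still honours the 90-day timelock; what changes is that an arbitrary caller can no longer insert itself as owner, because both the caller check and the assignment are tied to the beneficiary list.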