Inheritable Smart Contract Wallet
First Flight #35
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Unilateral Trustee Appointment Enables Arbitrary NFT Devaluation for Malicious Buy-Outs

sulfurpt

Summary

Unilateral Trustee Appointment Enables Arbitrary NFT Devaluation for Malicious Buy-Outs

Vulnerability Details

The appointTrustee function allows any single beneficiary to appoint a trustee without consensus. A malicious beneficiary can collude with a trustee to drastically reduce NFT values via setNftValue, enabling them to purchase assets at artificially low prices, stealing value from other beneficiaries.

Impact

High Severity

Theft of Shared Assets: Attackers can buy NFTs for pennies on the dollar, bypassing fair market value

Tools Used

Manual code review
Foundry test case (provided)

PoC

User2 can point user3 as a trustee and change the value of the NFT

function test_TrusteeCanChangeValues() public {
address owner = makeAddr("owner");
address user1 = makeAddr("user1");
address user2 = makeAddr("user2");
address user3 = makeAddr("user3");
vm.startPrank(owner);
im.addBeneficiery(user1);
im.addBeneficiery(user2);
im.createEstateNFT("our beach-house", 20, address(usdc));
vm.stopPrank();
vm.warp(1 + 90 days);
vm.startPrank(user2);
im.inherit();
im.appointTrustee(user3);
vm.stopPrank();
vm.startPrank(user3);
im.setNftValue(1, 5);
}

Recommendations

Implement a consensus mechanism ensuring that a majority of beneficiaries approve any trustee assignment.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!