Submission Details
Severity:
Unrestricted inherit Function
Summary
The inherit function in the InheritanceManager contract can be called by anyone if the beneficiaries array has only one address. This could allow unauthorized users to take control of the contract.
Vulnerability Details
-
Code:
function inherit() external {if (block.timestamp < getDeadline()) {revert InactivityPeriodNotLongEnough();}if (beneficiaries.length == 1) {owner = msg.sender;_setDeadline();} else if (beneficiaries.length > 1) {isInherited = true;} else {revert InvalidBeneficiaries();}}
The function does not restrict access to beneficiaries, allowing anyone to call it if there is only one beneficiary.
Impact
An attacker could exploit this to become the owner of the contract.
Tools Used
Manual reviewe
Recommendations
Restrict the inherit function to only allow beneficiaries to call it:
function inherit() external {
if (block.timestamp < getDeadline()) {
revert InactivityPeriodNotLongEnough();
}
if (beneficiaries.length == 1) {
require(msg.sender == beneficiaries[0], "Caller is not the sole beneficiary");
owner = msg.sender;
_setDeadline();
} else if (beneficiaries.length > 1) {
isInherited = true;
} else {
revert InvalidBeneficiaries();
}
}
Updates
Lead Judging Commences
0xtimefliez 9 months ago
Submission Judgement Published Assigned finding tags:
Inherit depends on msg.sender so anyone can claim the contract
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.