Summary
Anyone can steal ownership of the contract by calling inherit() once the inactivity deadline has passed, if there is only 1 beneficiary.
Vulnerability Details
https://github.com/CodeHawks-Contests/2025-03-inheritable-smart-contract-wallet/blob/main/src/InheritanceManager.sol#L221-L222
    /**
     * @dev manages the inheritance of this wallet either
     * 1. the owner lost his keys and wants to reclaim this contract from beneficiaries slot0
     * 2. the owner was inactive more than 90 days and beneficiaries will claim remaining funds.
     */
    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 1) {
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }
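inherit() is external and never compares msg.sender with the stored beneficiary, so anyone can call it and steal the ownership if there is only one beneficiary:

    if (beneficiaries.length == 1) {
        // msg.sender is not checked against beneficiaries[0]
        owner = msg.sender;
        _setDeadline();
    }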
Impact
Loss of ownership. If there is only 1 beneficiary, anyone can make themselves the owner of the wallet.
This behavior shouldn't be possible.
Tools Used
GitHub, manual review.
Recommendations
Do not allow this behavior: inherit() should verify that the caller is entitled to inherit before assigning ownership.