Severity: medium
Valid

InheritanceManager.sol::contractInteractions, createEstateNFT and removeBeneficiary don't reset the 90-day timer, breaking a Core Assumption of the Protocol

[H-1] InheritanceManager.sol::contractInteractions, createEstateNFT and removeBeneficiary don't reset the 90-day timer, breaking a Core Assumption of the Protocol

Description

In the protocol README, in the Core Assumptions and Invariants section, the first item says:

1. EVERY transaction the owner does with this contract must reset the 90 days timer

But the three functions named above, InheritanceManager.sol::contractInteractions, createEstateNFT and removeBeneficiary, do not reset the 90-day timer, which breaks this core assumption of the protocol.

Impact

This can let someone take ownership of this contract even if the owner was active within the 90 days, because the owner might think the timer was reset when he called the above functions.
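
The timeline described above, as an added Foundry test (not part of the original submission and not the audited code). TimerModel and its function names are hypothetical stand-ins for the timer logic; the resetsDeadline modifier is one assumed way to make the reset hard to forget.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal model of the timer logic, NOT the audited contract.
contract TimerModel {
    uint256 public constant TIMELOCK = 90 days;
    address public immutable owner;
    uint256 public deadline;
    address[] public beneficiaries;

    constructor() { owner = msg.sender; _setDeadline(); }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    // Runs the function body first, then resets the timer, so an owner
    // function that carries this modifier cannot forget the reset.
    modifier resetsDeadline() { _; _setDeadline(); }

    function _setDeadline() internal { deadline = block.timestamp + TIMELOCK; }

    function addBeneficiary(address b) external onlyOwner resetsDeadline { beneficiaries.push(b); }

    // Same shape as the finding: owner-only, but the timer is left untouched.
    function removeVulnerable(uint256 i) external onlyOwner { delete beneficiaries[i]; }

    function removeFixed(uint256 i) external onlyOwner resetsDeadline { delete beneficiaries[i]; }
}

contract TimerModelTest is Test {
    TimerModel model;

    function setUp() public { model = new TimerModel(); model.addBeneficiary(address(0xB0B)); }

    function test_vulnerableCallLeavesDeadlineStale() public {
        uint256 start = block.timestamp;
        vm.warp(start + 80 days);                     // owner is active on day 80
        model.removeVulnerable(0);
        assertEq(model.deadline(), start + 90 days);  // timer did not move
        vm.warp(start + 91 days);
        assertGt(block.timestamp, model.deadline());  // expired despite the activity
    }

    function test_fixedCallResetsDeadline() public {
        uint256 start = block.timestamp;
        vm.warp(start + 80 days);
        model.removeFixed(0);
        assertEq(model.deadline(), start + 170 days); // 80 days elapsed + 90-day lock
    }
}
```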

Proof of Concepts

    function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
        external
        nonReentrant
        onlyOwner
    {
        (bool success, bytes memory data) = _target.call{value: _value}(_payload);
        require(success, "interaction failed");
        if (_storeTarget) {
            interactions[_target] = data;
        }
        // @> ... no _setDeadline() call here
    }

    function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
        uint256 nftID = nft.createEstate(_description);
        nftValue[nftID] = _value;
        assetToPay = _asset;
        // @> ... no _setDeadline() call here
    }

    function removeBeneficiary(address _beneficiary) external onlyOwner {
        uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
        delete beneficiaries[indexToRemove];
        // @> ... no _setDeadline() call here
    }

Tools Used

Manual Review

Recommended mitigation

Add a call to _setDeadline() at the end of each of the above functions, as shown below.

function contractInteractions(address _target, bytes calldata _payload, uint256 _value, bool _storeTarget)
external
nonReentrant
onlyOwner
{
(bool success, bytes memory data) = _target.call{value: _value}(_payload);
require(success, "interaction failed");
if (_storeTarget) {
interactions[_target] = data;
}
+ _setDeadline()
}
function createEstateNFT(string memory _description, uint256 _value, address _asset) external onlyOwner {
uint256 nftID = nft.createEstate(_description);
nftValue[nftID] = _value;
assetToPay = _asset;
+ _setDeadline()
}
function removeBeneficiary(address _beneficiary) external onlyOwner {
uint256 indexToRemove = _getBeneficiaryIndex(_beneficiary);
delete beneficiaries[indexToRemove];
+ _setDeadline()
}
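
Review bot: the three added "+ _setDeadline()" lines, at the end of contractInteractions, createEstateNFT and removeBeneficiary, have no terminating semicolon, so none of the three functions compiles as written; each should read "_setDeadline();". In contractInteractions the reset sits after the external _target.call and the require(success, ...), so a failed interaction reverts and leaves the timer untouched, which is consistent with the invariant. A test that asserts the deadline moved after each of the three calls would keep this from regressing.
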
Updates

Lead Judging Commences

0xtimefliez Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

functions do not reset the deadline
