deadline is not reset for some functions with onlyOwner modifier
Summary
deadline is not reset for the following InheritanceManager::contractInteractions , InheritanceManager::createEstateNFT and InheritanceManager::removeBeneficiary funcitons.
This breaks the invariant EVERY transaction the owner does with this contract must reset the 90 days timer listed on contest page.
Vulnerability Details
Whenever owner calls any function with onlyOwner modifier , InheritanceManager::_setDeadline needs to be called to reset deadline but since we are not calling this internal function in the three funcitons stated above, it will not be reset.
Impact
InheritanceManager::inherit checks if current timestamp is older than deadline and this condition will easily be bypassed as we didn't update deadline for some of the functions, due to this beneficiary will be to take the control of the contract before the TIMELOCK ends.
Tools Used
Manual Review
Recommendations
Add InheritanceManager::_setDeadline in InheritanceManager::contractInteractions , InheritanceManager::createEstateNFT and InheritanceManager::removeBeneficiary funcitons.
Lead Judging Commences
functions do not reset the deadline
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.