Submission Details
Severity:
Attacker can become owner of the contract
Vulnerability Details
Attacker can become owner of the contract by calling inherit function when deadline has passed and there was only one beneficiary.
Impact
After becoming the owner of the contract, attacker can call sendETH and sendERC20 and transfer all eth and other ERC20 tokens to himself.
Tools Used
Manual Review
Recommendations
Add this check in inherit to make sure msg.sender is the beneficiary.
function inherit() external {
if (block.timestamp < getDeadline()) {
revert InactivityPeriodNotLongEnough();
}
if (beneficiaries.length == 1) {
+++ require(beneficiaires[0] == msg.sender, "Naughty boi");
owner = msg.sender;
_setDeadline();
} else if (beneficiaries.length > 1) {
isInherited = true;
} else {
revert InvalidBeneficiaries();
}
}
Updates
Lead Judging Commences
0xtimefliez 10 months ago
Submission Judgement Published Assigned finding tags:
Inherit depends on msg.sender so anyone can claim the contract
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.