Inheritable Smart Contract Wallet

First Flight #35

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Malicious Trustee Appointment and Race Condition in `InheritanceManager::appointTrustee`

roccomania

Summary

The appointTrustee function in the InheritanceManager contract allows any beneficiary to appoint a trustee, including themselves. This creates a vulnerability where a malicious beneficiary can appoint themselves as the trustee and potentially manipulate the system to their advantage. Additionally, because multiple beneficiaries can call this function, there's a race condition where the last beneficiary to call the function effectively overwrites any previous trustee appointment, leading to unpredictable behavior and potential loss of control.

Vulnerability Details

Self-Appointment: The appointTrustee function lacks a check to prevent a beneficiary from appointing themselves as the trustee.
Race Condition: The appointTrustee function can be called by any beneficiary who has inherited the estate (onlyBeneficiaryWithIsInherited modifier). If multiple beneficiaries try to appoint a trustee, the last transaction to be executed will overwrite the previous appointment. This creates a race condition. Since the trustee has privileged access (onlyTrustee modifier), the last trustee appointed is the only one that can call the function.
The onlyBeneficiaryWithIsInherited modifier allows anyone to call the function that is in the benificiaries. the issue is that any body can add themselves in the addBeneficiery function.

function appointTrustee(address _trustee) external onlyBeneficiaryWithIsInherited {

trustee = _trustee;

}

Impact

Loss of Control: A malicious beneficiary can seize control of the trustee role, potentially gaining undue influence over asset re-evaluation (using setNftValue).
Unpredictable State: The race condition makes the trustee's identity uncertain, leading to unpredictable behavior and potentially causing legitimate trustee appointments to be overridden.
Asset control: if a malicious actor can appoint himself as trustee he can then change the value of the NFT to an arbitary value.

Tools Used

Manual Code Review

Recommendations

Prevent Self-Appointment:
- Add a check within appointTrustee to ensure that _trustee is not equal to msg.sender and there are other benificiaries besides the caller.
- Consider adding a parameter that is the trustee address and the caller must approve the trustee.
function appointTrustee(address _trustee) external onlyBeneficiaryWithIsInherited {
require(_trustee != msg.sender, "Cannot appoint yourself as trustee");
require(beneficiaries.length > 1, "There must be more than one beneficiary to appoint a trustee");
trustee = _trustee;
}
Consider Multisig system:
- Consider using a multisig system where there will be quorum that must be reached to appoint trustee.

Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

211

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.