Beginner FriendlySolidity
100 EXP
View results
Submission Details
Severity: medium
Invalid

Reentrancy Risk in inherit() Function

Summary

he inherit() function is vulnerable to a reentrancy attack, allowing a malicious contract to repeatedly call the function before the first execution completes. This could lead to unexpected ownership changes or misallocation of inheritance funds, affecting the integrity of the contract.

Vulnerability Details

The function updates critical state variables before performing necessary checks, making it susceptible to reentrant calls.

  • If msg.sender is a malicious smart contract, it can re-enter the function within the same transaction and manipulate ownership.

  • Lack of a reentrancy guard enables multiple unintended executions, leading to inconsistent contract state.

function inherit() external {
owner = msg.sender; // State update happens first
_setDeadline();
}

Problem: The ownership is changed before the function completes execution, making it possible to hijack the inheritance mechanism through repeated calls.

Impact

  • Loss of Funds: If inheritance involves monetary assets, they could be redirected or locked in an attacker-controlled address.

  • Unauthorized Ownership Takeover: An attacker contract could inherit multiple times, effectively bypassing the intended ownership transfer process.

  • State Inconsistency: Multiple reentrant calls could leave the contract in an unrecoverable or corrupted state.

Tools Used

Manual code Review

Foundry

Recommendations

To fix this issue and prevent reentrancy attacks, implement the following:

Use Reentrancy Guard:
Add OpenZeppelin’s nonReentrant modifier to block multiple calls within the same transaction.

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
contract Inheritance is ReentrancyGuard {
function inherit() external nonReentrant {
owner = msg.sender;
_setDeadline();
}
}

Update State Variables Last:
Modify the function to update critical state variables at the end, reducing exposure to attacks.

function inherit() external {
_setDeadline();
owner = msg.sender; // Update state at the end
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.