Submission Details
Severity:
No access control in InheritanceManager::inherit() and anybody can manage the inheritance
Summary
The function InheritanceManager::inherit() is missing access control.
Take a look function code below and descriptions will follow.
/**
* @dev manages the inheritance of this wallet either
* 1. the owner lost his keys and wants to reclaim this contract from beneficiaries slot0
* 2. the owner was inactive more than 90 days and beneficiaries will claim remaining funds.
*/
function inherit() external {
if (block.timestamp < getDeadline()) {
revert InactivityPeriodNotLongEnough();
}
if (beneficiaries.length == 1) {
owner = msg.sender;
_setDeadline();
} else if (beneficiaries.length > 1) {
isInherited = true;
} else {
revert InvalidBeneficiaries();
}
}
Vulnerability Details
Anybody can call it, then they become the owner as per 11 above owner = msg.sender).
Impact
Anybody can manage the inheritance of this.
Tools Used
Manual review.
Recommendations
Just like the other external functions decorate this function with onlyOwner modifer. See other function signitures below as an example.
function addBeneficiery(address _beneficiary) external onlyOwner { {
Rewards breakdown
nSLOC
211This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.