Beginner FriendlySolidity
100 EXP
View results
Submission Details
Severity: high
Invalid

No access control in InheritanceManager::inherit() and anybody can manage the inheritance

Summary

The function InheritanceManager::inherit() is missing access control.

Take a look function code below and descriptions will follow.

/**
* @dev manages the inheritance of this wallet either
* 1. the owner lost his keys and wants to reclaim this contract from beneficiaries slot0
* 2. the owner was inactive more than 90 days and beneficiaries will claim remaining funds.
*/
function inherit() external {
if (block.timestamp < getDeadline()) {
revert InactivityPeriodNotLongEnough();
}
if (beneficiaries.length == 1) {
owner = msg.sender;
_setDeadline();
} else if (beneficiaries.length > 1) {
isInherited = true;
} else {
revert InvalidBeneficiaries();
}
}

Vulnerability Details

Anybody can call it, then they become the owner as per 11 above owner = msg.sender).

Impact

Anybody can manage the inheritance of this.

Tools Used

Manual review.

Recommendations

Just like the other external functions decorate this function with onlyOwner modifer. See other function signitures below as an example.

function addBeneficiery(address _beneficiary) external onlyOwner { {

Updates

Lead Judging Commences

0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
0xtimefliez Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.