Submission Details
Severity: high
Valid

Reentrancy Vulnerability in InheritanceManager Contract

Summary

A critical vulnerability has been identified in the InheritanceManager contract's reentrancy protection mechanism. The nonReentrant modifier contains an implementation error where it checks one transient storage slot but sets the lock flag in a different slot. This broken protection allows for reentrancy attacks against multiple functions that handle asset transfers, potentially leading to unauthorized fund extraction.

Vulnerability Details

The issue is that the modifier checks for reentrancy using tload(1) but sets the reentrancy lock using tstore(0, 1). Due to this slot mismatch, the lock is ineffective since the code checks a different slot than it modifies. This vulnerability affects several critical functions including sendETH, sendERC20, and contractInteractions.
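The slot mismatch described above can be exercised with a small regression harness that places the guard as reported next to a guard that checks and locks the same slot, and reports whether a nested call is rejected. This is an added example, not code from the InheritanceManager contract or from the submission; GuardHarness and its function names are hypothetical, and it assumes Solidity 0.8.25 or later targeting the Cancun EVM (required for tload/tstore).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example: regression harness for a transient-storage reentrancy guard.
// GuardHarness and every function name here are hypothetical.
contract GuardHarness {
    uint256 public entries; // number of guarded bodies that ran and were not rolled back

    // Guard as described in the finding: checks slot 1, locks slot 0.
    modifier brokenGuard() {
        assembly {
            if tload(1) { revert(0, 0) }
            tstore(0, 1)
        }
        _;
        assembly { tstore(0, 0) }
    }

    // Guard with the check and the lock on the same slot.
    modifier fixedGuard() {
        assembly {
            if tload(0) { revert(0, 0) }
            tstore(0, 1)
        }
        _;
        assembly { tstore(0, 0) }
    }

    // Each function calls back into itself once through an external call
    // (this.f), which is how a callback from a called contract reaches the guard.
    function enterBroken(bool again) external brokenGuard {
        entries++;
        if (again) this.enterBroken(false);
    }

    function enterFixed(bool again) external fixedGuard {
        entries++;
        if (again) this.enterFixed(false);
    }

    // Returns true when the nested call reverted, i.e. the guard held.
    function nestedCallBlocked(bool useFixed) external returns (bool) {
        if (useFixed) {
            try this.enterFixed(true) { return false; } catch { return true; }
        }
        try this.enterBroken(true) { return false; } catch { return true; }
    }
}
```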

Impact

Manipulation of contract state during external calls made via the contractInteractions function

Tools Used

Manual code review

Recommendations

Ensure the same transient storage slot is used for both checking and setting the lock

modifier nonreentrant {
assembly {
_ if tload(1) { revert(0, 0) }
+ if tload(0) { revert(0, 0) }
tstore(0, 1)
}
_;
// Unlocks the guard, making the pattern composable.
// After the function exits, it can be called again, even in the same transaction.
assembly {
tstore(0, 0)
}
}
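Review bot: The check, the lock and the unlock each still hard-code the slot as a separate literal (tload(0), tstore(0, 1), tstore(0, 0)), the same pattern that let the check and the lock end up on different slots; define the slot once as a named constant and reference it in all three places. The modifier is also declared as nonreentrant here while the report text and the finding tag call it nonReentrant, so confirm the spelling matches the modifier actually applied to sendETH, sendERC20 and contractInteractions.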
Updates

Lead Judging Commences

0xtimefliez Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong value in nonReentrant modifier
