GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Maximum Donation Limit

sauronsol

Summary

The GivingThanks contract lacks an upper bound validation for donation amounts, allowing arbitrarily large donations that could cause numerical issues or overflows during value transfers.

Vulnerability Details

The donate function accepts any non-zero amount without an upper limit:

function donate(address charity) public payable {
require(registry.isVerified(charity), "Charity not verified");
(bool sent,) = charity.call{value: msg.value}(""); // No maximum check
require(sent, "Failed to send Ether");
}

Test demonstrating the vulnerability:

function testExcessiveDonationAmount() public {
// Setup normal donation - succeeds
uint256 normalAmount = 10 ether;
vm.deal(address(this), normalAmount);
charityContract.donate{value: normalAmount}(charity);
// Excessive donation - causes overflow
uint256 hugeAmount = type(uint256).max;
vm.deal(address(this), hugeAmount);
vm.expectRevert();
charityContract.donate{value: hugeAmount}(charity);
}

Impact

  • Potential numerical overflow in value transfers

  • Gas issues with extremely large donations

  • UI/Frontend display problems with large numbers

  • Possible manipulation of donation statistics

Tools Used

  • Manual code review

  • Foundry testing framework

  • Test demonstrating both normal and overflow cases

  • Contract state analysis

Recommendations

Add maximum donation limit validation:

contract GivingThanks {
uint256 public constant MAX_DONATION = 1000000 ether;
function donate(address charity) public payable {
require(msg.value <= MAX_DONATION, "Donation exceeds maximum");
require(msg.value > 0, "Donation must be non-zero");
// ... rest of function
}
}
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.