GivingThanks

Summary

The GivingThanks::donate function allows donors to mint NFTs without requiring any Ether to be sent. This vulnerability enables anyone to mint unlimited NFTs for free by repeatedly calling the donate function with zero Ether, undermining the platform's purpose of facilitating charitable donations.

Vulnerability Details

Vulnerable Code:

Issue:

• The donate function does not enforce a minimum msg.value, allowing calls with zero Ether.

• Donors can call donate with msg.value == 0, resulting in the minting of an NFT without any actual donation.

• The call to charity.call{value: msg.value}("") with zero value does not transfer any Ether to the charity.

Proof of Concept:

Note: Before running the test, ensure that the constructor in the GivingThanks contract is corrected to properly initialize the registry variable. Update the constructor on line 16 as follows:

The following test demonstrates the vulnerability:

Explanation:

• The MintForFree contract calls donate with msg.value == 0 three times.

• Each call results in minting an NFT to the MintForFree contract without any Ether being sent to the charity.

• The test confirms that three NFTs were minted, and the charity's balance remains zero.

Impact

• Unauthorized Minting of NFTs: Users can mint unlimited NFTs without making any donations.

• Financial Loss for Charities: Charities do not receive expected funds from supposed donations.

• Undermines Donation Model: The fundamental purpose of the platform—to facilitate donations—is compromised.

• Reputation Damage: The platform may lose credibility if users exploit this to obtain NFTs without contributing.

Tools Used

• Forge (Foundry): For writing and executing the test case.

• Manual Code Review: To identify the lack of minimum donation enforcement.

Recommendations

• Enforce a Minimum Donation Amount:

  Add a check to ensure that msg.value is greater than zero:

  function donate(address charity) public payable {

  require(registry.isVerified(charity), "Charity not verified");

  + require(msg.value > 0, "Donation amount must be greater than zero");

  ​

  (bool sent,) = charity.call{value: msg.value}("");

  require(sent, "Failed to send Ether");

  ​

  _mint(msg.sender, tokenCounter);

  ​

  // Create metadata for the tokenURI

  string memory uri = _createTokenURI(msg.sender, block.timestamp, msg.value);

  _setTokenURI(tokenCounter, uri);

  ​

  tokenCounter += 1;

  }

• Consider Setting a Minimum Donation Threshold:

  • Define a minimum acceptable donation amount (e.g., 0.01 Ether) to prevent micro-donations that might not be meaningful after gas costs.

• Validate Donation Success:

  • Ensure that the Ether transfer to the charity is successful and that the amount is significant before minting the NFT.

• Update Tests Accordingly:

  • Modify existing tests to account for the minimum donation requirement.

  • Add tests to verify that donations below the minimum amount are rejected.

By implementing these recommendations, the contract will prevent users from minting NFTs without making actual donations, preserving the platform's integrity and ensuring that charities receive the intended funds.