GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

GivingThanks.donate(): Minitg unlimited number of NFT tokens by charity

k3ysk1lls

Summary

A verified charity can use their donated funds to donate to themselves and receive DonationReceipt tokens in an almost unlimited quantity - limited by the sum of their gas costs vs balance.

Vulnerability Details

There is no check that prevents a charity from donating to itself. Therefore, each charity can mint a DonationReceipt token as many times as it wants.

Impact

The purpose of DonationReceipt tokens is to identify donors. However, allowing charities to make donations themselves makes the DonationReceipt obsolete. You don't really know if the address on the receipt actually donated eth to a charity.

Tools Used

Run the following test in the GivingThanks.t.sol test contract.

function testCharityCanMintNFT() public {
vm.deal(charity, 20 ether);
uint256 balanceBefore = charity.balance;
uint256 initialTokenCounter = charityContract.tokenCounter();
assertEq(initialTokenCounter, 0);
vm.prank(charity);
charityContract.donate{value: balanceBefore}(charity);
uint256 balanceAfter = charity.balance;
//gas neglected
assert(balanceBefore == balanceAfter);
assertEq(charityContract.tokenCounter(), initialTokenCounter + 1);
assertEq(charityContract.ownerOf(initialTokenCounter), charity);
}

Recommendations

Depending on your policy, you may:

  • prohibit any registered/verified charity from making donations

  • prohibit any verified charity from making donations to itself.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-charities-can-get-big-amount-NFT-for-free

Likelyhood: Informational/Very low, admin will verified the contract. Impact: High, NFT with real value for free. I accept this one has a Low due to its High Impact.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.