The GivingThanks contract has an error in its constructor: the registry variable is assigned msg.sender instead of _registry, the intended input address of the CharityRegistry contract. As a result, the GivingThanks contract references the deployer's address instead of the charity registry, so the donate function cannot validate charities, which breaks the main functionality of the entire project.
In the constructor of the GivingThanks contract, the registry variable, which is intended to store the address of the CharityRegistry contract, is mistakenly assigned msg.sender. Since msg.sender is the address deploying the GivingThanks contract, the registry reference becomes invalid, preventing access to the necessary charity verification records.
This error causes the GivingThanks contract to fail when validating charities through the donate function, as it cannot access the actual charity verification data. Without access to the correct CharityRegistry contract, the GivingThanks contract cannot verify addresses as legitimate charities, rendering donations and NFT minting inoperable. This blocks all intended functionality of the donate function and prevents the contract from functioning as designed.
Manual code inspection.
Update the GivingThanks contract's constructor to assign the _registry argument to the registry variable instead of msg.sender.
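The constructor bug and the recommended fix, side by side, with a deploy-time check that tells them apart. This is an added sketch, not the project's code: IRegistry, isVerified, RegistryStub, DonationsBase, DonationsBuggy, DonationsFixed and DeployCheck are assumed names, NFT minting is left out, and the contract-code check in the fixed constructor is an extra guard beyond the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface: the page does not show the registry's function names.
interface IRegistry {
    function isVerified(address charity) external view returns (bool);
}

// Minimal stand-in for the charity registry (hypothetical).
contract RegistryStub is IRegistry {
    mapping(address => bool) private verified;
    function verify(address charity) external { verified[charity] = true; }
    function isVerified(address charity) external view returns (bool) {
        return verified[charity];
    }
}

abstract contract DonationsBase {
    IRegistry public registry;
    // Reverts when registry points at the deployer: the deployer either has
    // no code or does not implement isVerified, so the lookup cannot succeed.
    function donate(address charity) external payable {
        require(registry.isVerified(charity), "charity not verified");
        (bool ok, ) = charity.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}

contract DonationsBuggy is DonationsBase {
    // Bug as described in the finding: _registry is accepted but never used.
    constructor(address _registry) { registry = IRegistry(msg.sender); }
}

contract DonationsFixed is DonationsBase {
    constructor(address _registry) {
        // Extra guard (assumption): refuse an address that has no code.
        require(_registry.code.length > 0, "registry is not a contract");
        registry = IRegistry(_registry);
    }
}

// Regression check: the stored registry must equal the address passed in.
contract DeployCheck {
    function check() external returns (bool buggyMatches, bool fixedMatches) {
        RegistryStub reg = new RegistryStub();
        buggyMatches = address(new DonationsBuggy(address(reg)).registry()) == address(reg);
        fixedMatches = address(new DonationsFixed(address(reg)).registry()) == address(reg);
    }
}
```

Calling check() returns (false, true): the buggy deployment stores the deployer (here DeployCheck itself), while the fixed one stores the registry it was given.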
Likelihood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to a malicious charity.