GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Admin can register and verify as charity

Summary

An admin can register his own address as a charity and then verify it, making himself a verified charity and giving him a chance to earn from the donations.

Vulnerability Details

```solidity
function testAdminCanRegsiterAndVerifyAsCharity() public {
    // Admin registers and verifies as a charity
    vm.startPrank(admin);
    registryContract.registerCharity(admin);
    registryContract.verifyCharity(admin);
    vm.stopPrank();

    // Fund the donor
    uint256 donorBalance = 10 ether;
    vm.deal(donor, 10 ether);

    // Donor donates to charity
    vm.prank(donor);
    charityContract.donate{value: donorBalance}(admin);

    // The full donation ends up in the admin's balance
    assertEq(admin.balance, donorBalance);
    assertEq(donor.balance, 0);
}
```

Add the code above to the `GivingThanks.t.sol` test suite and run `forge test --mt testAdminCanRegsiterAndVerifyAsCharity -vvv`.

Impact

The admin can register and verify himself, which is bad for transparency.

Tools Used

Foundry, Manual review

Recommendations

Consider adding a check in `CharityRegistry::registerCharity()` that prohibits the admin from registering as a charity.
```diff
function registerCharity(address charity) public {
+ if(admin == charity){
+ revert CharityRegistry__AdminCannotBeCharity();
+ }
registeredCharities[charity] = true;
}
```
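
Review bot: the `admin == charity` guard at the top of `registerCharity` compares a single address, so it only blocks the admin's own address and not any other address the admin controls; it should be described as a transparency signal rather than an enforced separation between admin and charities. The hunk also reverts with `CharityRegistry__AdminCannotBeCharity` without showing a declaration for it, so the custom error needs to be added to the contract for this to compile. If the admin address can change after a charity is registered, a check made only at registration time will miss it, so consider repeating the comparison in `verifyCharity`, which is the step that actually grants verified status.
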
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
