In the GivingThanks contract constructor, the registry variable is mistakenly assigned to msg.sender rather than _registry. This causes the donate function to fail, as msg.sender does not implement the necessary isVerified function expected from the CharityRegistry.
The constructor sets the registry variable to msg.sender, instead of the provided _registry address, as shown below:
Since the registry address is incorrectly set to msg.sender, any call to registry.isVerified() in the donate function will fail, because the address stored from msg.sender (the account that deployed the contract) does not implement the required isVerified function. This effectively breaks donation functionality and prevents interactions with registered charities.
Failure of the donate function: Without the correct registry address, the donate function cannot verify charities, leading to donation process failures.
Contract Misconfiguration: Using msg.sender instead of _registry results in improper initialization, making the contract unable to perform as designed.
Manual Review
Assign the registry variable to _registry to ensure proper configuration:
This change ensures the GivingThanks contract is correctly initialized with the intended CharityRegistry address, restoring donation functionality and allowing proper charity verification.
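The bug and the fix side by side, as an added example that is not the audited project's source: a minimal reconstruction in which only registry, _registry, isVerified and donate are names taken from this finding, and every other name (StubRegistry, DonationBase, ConstructorCheck, the error strings) is assumed. ConstructorCheck.run() deploys both constructors against the same registry and records whether donate reverts; the code-length guard in the fixed constructor is an assumed extra check beyond the one-line fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited source. Only registry, _registry,
// isVerified and donate come from the finding; other names are assumed.
interface ICharityRegistry {
    function isVerified(address charity) external view returns (bool);
}

contract StubRegistry is ICharityRegistry {
    mapping(address => bool) private verified;
    function verify(address charity) external { verified[charity] = true; }
    function isVerified(address charity) external view returns (bool) { return verified[charity]; }
}

abstract contract DonationBase {
    ICharityRegistry public registry;
    // Simplified donate: check the registry, then forward the value.
    function donate(address charity) external payable {
        require(registry.isVerified(charity), "Charity not verified");
        (bool sent, ) = charity.call{value: msg.value}("");
        require(sent, "Transfer failed");
    }
}

contract GivingThanksBuggy is DonationBase {
    constructor(address _registry) {
        registry = ICharityRegistry(msg.sender); // bug: _registry is never read
    }
}

contract GivingThanksFixed is DonationBase {
    constructor(address _registry) {
        // Assumed extra guard: reject an address with no deployed code.
        require(_registry.code.length > 0, "registry is not a contract");
        registry = ICharityRegistry(_registry);
    }
}

contract ConstructorCheck {
    function run() external returns (bool buggyReverts, bool fixedDonates) {
        StubRegistry reg = new StubRegistry();
        address charity = address(0xC0FFEE); // constructed sample address
        reg.verify(charity);
        DonationBase buggy = new GivingThanksBuggy(address(reg));
        DonationBase fixedVersion = new GivingThanksFixed(address(reg));
        try buggy.donate(charity) {} catch { buggyReverts = true; }
        try fixedVersion.donate(charity) { fixedDonates = true; } catch {}
    }
}
```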
Likelihood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to a malicious charity.