Summary

The updateRegistry function in the GivingThanks smart contract is missing an authorization check, allowing any user to change the address of the registry contract. This could lead to unauthorized modifications that may compromise the security and functionality of the contract, as the registry is used to verify charities eligible for donations.

Vulnerability Details

The updateRegistry function is a public function that allows modification of the registry contract address. Without an access control mechanism, such as an onlyOwner modifier, any user can call this function and set the registry to a malicious or arbitrary address. This change could allow unverified or malicious entities to bypass verification requirements, receive funds, or disrupt legitimate charity donations by pointing to an incorrect registry.

For example, any user could call:

This would replace the current registry with a potentially malicious registry contract, thereby allowing unauthorized or unverified addresses to receive donations.

Impact

Allowing unauthorized updates to the registry contract could compromise the entire donation verification process. This may lead to unauthorized recipients receiving funds, loss of trust from donors, and potential exploitation of the platform’s funds.

Tools Used

Manual review.

Recommendations

Restrict access to the updateRegistry function by implementing an authorization check, such as using OpenZeppelin’s onlyOwner modifier, to ensure that only the contract owner or an authorized admin can modify the registry address. This will prevent unauthorized users from updating critical contract state and ensure only verified charities are eligible for donations.

Example code update:

Copy code

Adding the onlyOwner modifier restricts access to this function, allowing only the owner (or an authorized entity) to make updates, thus maintaining the security and integrity of the contract’s registry.