Submission Details
Severity:
Unprotected Regiistry Update in `GivingThanks.sol`
Description: The GivingThanks::updateRegistry function has no access control, allowing anyone to change the registry address to any value.
function updateRegistry(address _registry) public {
registry = CharityRegistry(_registry);
}
Impact:
Complete system compromise possible
Attacker can redirect donations to unverified addresses
Loss of funds for donors
Proof of Concept:
function testRegistryHijack() public {
address attacker = address(0x1);
address maliciousRegistry = address(new FakeRegistry());
vm.prank(attacker);
givingThanks.updateRegistry(maliciousRegistry);
// Registry successfully changed to attacker's contract
assertEq(address(givingThanks.registry()), maliciousRegistry);
}
Recommended Mitigation:
modifier onlyOwner() {
require(msg.sender == owner, "Not owner");
_;
}
function updateRegistry(address _registry) public onlyOwner {
require(_registry != address(0), "Invalid registry address");
registry = CharityRegistry(_registry);
emit RegistryUpdated(_registry);
}
Updates
Lead Judging Commences
n0kto 12 months ago
Submission Judgement Published Assigned finding tags:
finding-anyone-can-change-registry
Likelyhood: High, anyone can change it at anytime Impact: High, can bypass the verification process
Rewards breakdown
nSLOC
67This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.