GivingThanks

<details><summary>2 Found Instances</summary>

​

​

- Found in src/CharityRegistry.sol

​

```solidity

admin = newAdmin;

```

​

- Found in src/GivingThanks.sol

​

```solidity

registry = CharityRegistry(_registry);

```

</details>

**Description**

The changeAdmin function lacks a check to ensure that newAdmin is not the zero address. Without this check, anyone with the current admin privileges could mistakenly (or maliciously) assign address(0) as the new admin, essentially "locking" critical functionality that relies on the admin address.

​

**Impact:**

If admin becomes address(0):

1. The contract may lose administrative control, as address(0) has no private key and no one can control it.

2. Functions restricted to admin (such as changeAdmin itself) would become unusable, locking the contract in a potentially unusable state.

3. Recovery would be impossible unless the contract had additional mechanisms to reset or replace the admin.

​

**Recommended Mitigation:** To prevent this, add a check for address(0):

​

```solidity

function changeAdmin(address newAdmin) public {

require(msg.sender == admin, "Only admin can change admin");

require(newAdmin != address(0), "New admin cannot be the zero address");

admin = newAdmin;

}

```

```solidity

function updateRegistry(address _registry) public {

require(_registry != address(0), "Registry address cannot be the zero address");

registry = CharityRegistry(_registry);

}

```