Lack of access control in function `updateRegistrty()` in `GivingThanks.sol` allows anyone to update the address of the registry and change its logic by pointing the registry address to an arbitrary contract that steals donor funds
Summary
function updateRegistry() has no access controls allowing anyone to change the address of registry and change the logic of CharityRegistry.sol. An attacker can deploy an arbitrary contract with different logic, i.e changing function isVerified whereby the attacker transfers the donated ether to themselves.
Vulnerability Details
This function allows anyone to call it and update registry to an arbitrary contract which could literally do anything like stealing donors funds.
Impact
Stealing of donors funds.
Tools Used
Manual review.
Recommendations
Add access control mechanism(s) to function updateRegistry(), e.g a modifier.
Lead Judging Commences
finding-anyone-can-change-registry
Likelyhood: High, anyone can change it at anytime Impact: High, can bypass the verification process
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.