Summary:
The updateRegistry function in GivingThanks.sol does not have any access control, allowing anyone (including unauthorized users) to change the registry contract address. This opens up the possibility for an attacker to replace the legitimate CharityRegistry contract with a malicious contract, potentially bypassing the charity verification logic and affecting the contract’s integrity. The test fails because the attacker is able to update the registry contract address successfully.

Vulnerability Details:
Affected Contract:

• GivingThanks.sol

Affected Function:

• updateRegistry(address _registry) public

Issue: In the current implementation of the updateRegistry function, there is no restriction on who can call this function. As a result, an attacker can change the registry address to any address of their choice, potentially a malicious contract that manipulates the charity verification logic.

Impact:

Severity: High

The lack of access control in updateRegistry means that:

• Unauthorized Users Can Modify Critical Logic: Any user can replace the CharityRegistry contract with another one, including malicious ones.

• Bypassing Charity Verification: If an attacker sets the registry address to a malicious contract, subsequent donations or verifications could be processed by the attacker’s contract, effectively bypassing any verification checks or altering contract state.

• Potential Malicious Exploitation: The attacker could alter the registry logic, enabling them to manipulate donations or other key processes in the GivingThanks contract, leading to potential financial loss or unauthorized actions

Proof of Code: Test Code Showing Unrestricted Access:

In this test case:

• The attacker successfully updates the registry address, which is not expected since the test assumes the registry should remain unchanged.

• This happens because the updateRegistry function lacks any access control to restrict who can call it.

Tools Used:

• Manual code review

• Foundry

Recommendations:
To secure the contract and prevent unauthorized users from updating the registry contract, you should add an access control modifier to the updateRegistry function. For example, you could restrict access to the contract's owner or a trusted entity using the onlyOwner modifier (or any other role-based access control mechanism depending on your requirements):

• onlyOwner: This modifier ensures that only the owner of the contract (or an authorized address) can update the registry contract address. The contract will no longer be vulnerable to unauthorized changes.

By adding access control, only trusted parties (like the contract owner) can modify the registry address, securing the GivingThanks contract from potential exploitation.