updateRegistry
function in GivingThanks.sol does not have any access control, allowing anyone (including unauthorized users) to change the registry contract address. This opens up the possibility for an attacker to replace the legitimate CharityRegistry
contract with a malicious contract, potentially bypassing the charity verification logic and affecting the contract’s integrity. The test fails because the attacker is able to update the registry contract address successfully.GivingThanks.sol
Affected Function:
updateRegistry(address _registry) public
Issue: In the current implementation of the updateRegistry
function, there is no restriction on who can call this function. As a result, an attacker can change the registry address to any address of their choice, potentially a malicious contract that manipulates the charity verification logic.
Severity: High
The lack of access control in updateRegistry
means that:
Unauthorized Users Can Modify Critical Logic: Any user can replace the CharityRegistry
contract with another one, including malicious ones.
Bypassing Charity Verification: If an attacker sets the registry address to a malicious contract, subsequent donations or verifications could be processed by the attacker’s contract, effectively bypassing any verification checks or altering contract state.
Potential Malicious Exploitation: The attacker could alter the registry logic, enabling them to manipulate donations or other key processes in the GivingThanks contract, leading to potential financial loss or unauthorized actions
In this test case:
The attacker successfully updates the registry address, which is not expected since the test assumes the registry should remain unchanged.
This happens because the updateRegistry
function lacks any access control to restrict who can call it.
Manual code review
Foundry
updateRegistry
function. For example, you could restrict access to the contract's owner or a trusted entity using the onlyOwner
modifier (or any other role-based access control mechanism depending on your requirements):onlyOwner
: This modifier ensures that only the owner of the contract (or an authorized address) can update the registry contract address. The contract will no longer be vulnerable to unauthorized changes.
By adding access control, only trusted parties (like the contract owner) can modify the registry address, securing the GivingThanks contract from potential exploitation.
Likelyhood: High, anyone can change it at anytime Impact: High, can bypass the verification process
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.