GivingThanks

Summary

The changeAdmin function in the contract allows setting the admin to address(0), which can lead to a complete loss of administrative control over the contract. Without an active admin, certain critical functions may become unusable, and recovery of control is impossible without a contract redeployment.

Vulnerability Details

Function: changeAdmin(address newAdmin)

• Issue: The function does not check if newAdmin is address(0). Consequently, if an administrator accidentally or maliciously sets admin to address(0), no further administrative actions can be performed.

• Root Cause: Lack of input validation for the newAdmin parameter to prevent assignment of the zero address.

Impact

If admin is set to address(0), it completely breaks the contract’s core functionality. Only the admin can verify charities using the verifyCharity function. Without verified charities, the contract cannot accept donations, essentially halting its intended operation. This issue has a High Impact and a Medium to Low Likelihood, as it could occur through either an accidental or malicious action.

Tools Used

VsCode

Recommendations

Consider implementing a mechanism for recovery in the event that the admin is accidentally set to address(0), such as a multi-signature wallet or emergency admin reset function.

Or You can add a check to ensure newAdmin is not address(0) before assigning it to admin. Implement the following condition: