GivingThanks

First Flight #28
Submission Details
Severity: medium
Invalid

[M-1] Single Address Can Be Registered Multiple Times in `CharityRegistry::registerCharity`

Description:
The registerCharity function in the CharityRegistry contract allows an address to register as a charity without verifying if it is already registered. This lack of restriction permits the same address to be registered multiple times.

Impact:
Without a restriction on duplicate registrations, the function could be exploited. Malicious actors could register the same address multiple times, potentially misleading donors and diverting funds intended for recognizable charities. This could undermine the charity registry's integrity and enable funds to drain through repeated registrations on a single address.

Proof of Code:
The following test function demonstrates that the same address can be registered multiple times:

```solidity
function test_SameAddress_Can_RegisterCharity_Again() public {
    address newAddress = address(1);
    // First registration sets the flag.
    registryContract.registerCharity(newAddress);
    assertTrue(registryContract.registeredCharities(newAddress));
    // Registering the same address a second time does not revert.
    address sameAddress = newAddress;
    registryContract.registerCharity(sameAddress);
    assertTrue(registryContract.registeredCharities(sameAddress));
}
```

Tools Used:
Foundry

Recommended Mitigations:
Add a check in `CharityRegistry::registerCharity` to ensure an address is not already registered as a charity:

```solidity
function registerCharity(address charity) public {
    // Reject an address whose flag is already set.
    require(!registeredCharities[charity], "This address is already registered as a charity");
    registeredCharities[charity] = true;
}
```
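
A regression test for the check above, as an added example that is not part of the submission or the project's code. `RegistryUnchecked` and `RegistryChecked` are assumed minimal stand-ins for the registry before and after the recommended change, and `address(1)` is a constructed sample address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Test} from "forge-std/Test.sol";

// Assumed stand-in for the registry as the finding describes it: no duplicate check.
contract RegistryUnchecked {
    mapping(address => bool) public registeredCharities;

    function registerCharity(address charity) public {
        registeredCharities[charity] = true;
    }
}

// Assumed stand-in with the recommended require() added.
contract RegistryChecked {
    mapping(address => bool) public registeredCharities;

    function registerCharity(address charity) public {
        require(!registeredCharities[charity], "This address is already registered as a charity");
        registeredCharities[charity] = true;
    }
}

contract DuplicateRegistrationTest is Test {
    address constant CHARITY = address(1); // constructed sample address

    function test_Unchecked_SecondCallSucceeds() public {
        RegistryUnchecked registry = new RegistryUnchecked();
        registry.registerCharity(CHARITY);
        registry.registerCharity(CHARITY); // does not revert without the check
        assertTrue(registry.registeredCharities(CHARITY));
    }

    function test_Checked_SecondCallReverts() public {
        RegistryChecked registry = new RegistryChecked();
        registry.registerCharity(CHARITY);
        // The next call must revert with the message from the require().
        vm.expectRevert(bytes("This address is already registered as a charity"));
        registry.registerCharity(CHARITY);
        // The first registration is still in place after the rejected call.
        assertTrue(registry.registeredCharities(CHARITY));
    }
}
```
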
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
