[M-03] Improper 'registry' initialization in ERC721 constructor leads to broken contract functionality
Summary
The GivingThanks contract DonationReceipt constructor incorrectly initializes the registry variable using msg.sender instead of the provided _registry parameter in its constructor. This results in the registry being set to the deployer's address rather than a valid CharityRegistry contract instance, leading to broken functionality.
Vulnerability Details
The line registry = CharityRegistry(msg.sender); assigns the registry to the deployer’s address (msg.sender) instead of the _registry parameter with the actual CharityRegistry contract address.
Impact
Transactions with the registry will fail since the deployer's address does not have the CharityRegistry contract functions supplied. This leads to reverted transactions and non-functional features dependent on the registry.
Recommendations
Fix the initialization logic to use the actual CharityRegistry contract address from the _registry parameter.
Lead Judging Commences
finding-bad-registry-set-at-construction
Likelyhood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to malicious charity.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.