GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

[H-1] Incorrect Initialization of registry Variable Causes Denial of Service (DoS)

Summary

The registry variable in the GivingThanks::constructor is incorrectly initialized with msg.sender rather than the _registry parameter. This misconfiguration prevents the donate function from verifying charities, making the contract unusable for its main purpose of processing donations.

Vulnerability Details

In the GivingThanks::constructor, the registry variable is set to msg.sender instead of _registry, which should be the actual address of the charity registry. This causes the donate function to fail at the verification step, because the isVerified check is made against the deployer's address and never reaches the intended charity registry contract. As a result, any attempt to donate will trigger a revert.

Impact

This error leads to a complete denial of service for the contract. Since donations depend on the verification of charities, the entire functionality of the contract is blocked. No donations can be processed without verified charities, making the contract inoperable.

Tools Used

VS Code

Recommendations

Update the constructor to assign _registry to the registry variable, as shown below:

```
constructor(address _registry) ERC721("DonationReceipt", "DRC") {
    registry = CharityRegistry(_registry);
    owner = msg.sender;
    tokenCounter = 0;
}
```
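A Foundry regression test for this finding, added here as an illustration and not taken from the contest code base. MiniRegistry, MiniGivingThanks, the verify function, the donate signature and the buggy flag are constructed stand-ins that model only the behaviour described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-ins (assumptions), reduced to what the finding describes.
contract MiniRegistry {
    mapping(address => bool) private verified;
    function verify(address c) external { verified[c] = true; }
    function isVerified(address c) external view returns (bool) { return verified[c]; }
}

contract MiniGivingThanks {
    MiniRegistry public registry;
    constructor(address _registry, bool buggy) {
        // buggy == true reproduces the reported assignment from msg.sender
        registry = MiniRegistry(buggy ? msg.sender : _registry);
    }
    function donate(address charity) external payable {
        require(registry.isVerified(charity), "Charity not verified");
        (bool ok,) = charity.call{value: msg.value}("");
        require(ok, "Transfer failed");
    }
}

contract RegistryInitTest is Test {
    MiniRegistry reg;
    address charity;

    function setUp() public {
        reg = new MiniRegistry();
        charity = makeAddr("charity");
        reg.verify(charity); // the charity is verified in the real registry
    }

    function test_buggyConstructorBlocksDonations() public {
        MiniGivingThanks g = new MiniGivingThanks(address(reg), true);
        assertEq(address(g.registry()), address(this)); // deployer, not the registry
        vm.expectRevert(); // isVerified is called on an address that does not implement it
        g.donate{value: 1 ether}(charity);
    }

    function test_fixedConstructorAllowsDonations() public {
        MiniGivingThanks g = new MiniGivingThanks(address(reg), false);
        assertEq(address(g.registry()), address(reg));
        g.donate{value: 1 ether}(charity);
        assertEq(charity.balance, 1 ether);
    }
}
```

Asserting on the stored registry address right after deployment catches this class of constructor mistake before any donation path is exercised.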

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-bad-registry-set-at-construction

Likelihood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to a malicious charity.
