GivingThanks

Summary

The GivingThanks contract's constructor contains an unused _registry parameter, which should initialize the registry variable. However, instead of assigning _registry to registry, the constructor sets registry to msg.sender, making the protocol unusable as registry does not reference a valid CharityRegistry contract.

Vulnerability Details

The vulnerability exists in the constructor of the GivingThanks contract:

Here, the registry variable, which is intended to hold a reference to an external CharityRegistry contract, is incorrectly set to msg.sender instead of _registry. This results in the contract using the deployer’s address as the registry, which is incorrect and makes the donate function inoperable. Specifically, the donate function checks if a charity address is verified via registry.isVerified(charity), which will fail because msg.sender is not a CharityRegistry contract and lacks this function.

Impact

This misassignment renders the GivingThanks contract unusable, as the donate function will consistently fail when calling isVerified. Users will be unable to donate, as verification of charity addresses is broken. This vulnerability compromises the protocol's intended functionality and could lead to user frustration, loss of donations, and damage to the protocol’s credibility.

Tools Used

Manual Review

Recommended Mitigation

To resolve this issue, replace msg.sender with _registry in the constructor when assigning the registry variable. This ensures that the correct CharityRegistry contract is referenced:

This fix will allow the contract to interact with the specified CharityRegistry contract, enabling the donate function to verify charities as intended.