The GivingThanks contract has a vulnerability in its updateRegistry function due to the lack of access control. Any user can modify the charity registry, which an attacker could exploit to gain unauthorized privileges, such as registering unverified charities and minting multiple donation NFTs, or to disrupt donations entirely by causing every donate transaction to revert.
The updateRegistry function in the GivingThanks contract does not have access control, meaning any caller can modify the registry address. This poses two key issues:
1. A malicious actor could set the registry to an unauthorized contract or a fake registry, thus bypassing the isVerified check in the donate function. This would allow an unverified charity to accept donations and mint unlimited NFTs.
2. An attacker could set the registry to an address that consistently reverts, effectively causing every donation attempt to fail, resulting in a denial of service for legitimate users attempting to donate to verified charities.
The vulnerable code is as follows:
This vulnerability could lead to two significant consequences:
1. Unauthorized NFT Minting: An unverified charity could exploit this by setting the registry address to a contract they control, which would allow them to pass the isVerified check and mint as many donation NFTs as they desire.
2. Denial of Service: An attacker could repeatedly reset the registry to an address that always reverts on isVerified checks, thereby preventing any successful donations and disrupting the protocol's intended function.
Manual Review
Implement access control on the updateRegistry function to restrict its usage to the contract owner or another authorized entity. This can be achieved by adding the onlyOwner modifier from OpenZeppelin's Ownable contract:
Adding this restriction will prevent unauthorized users from modifying the registry and mitigate the risk of both DoS attacks and unauthorized NFT minting.
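The following is an added example, not the audited GivingThanks source (which is not reproduced in this finding). It shows the recommended mitigation applied to a reconstructed version of the contract, plus a Foundry regression test that asserts an unprivileged caller can no longer repoint the registry. The ICharityRegistry interface, the ERC721 receipt token, the GivingThanksHardened name and the use of OpenZeppelin Contracts v5 (whose Ownable constructor takes an initialOwner) are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited GivingThanks code. The registry interface,
// the receipt-NFT minting and the Ownable-based fix are assumptions that
// illustrate the recommended mitigation (OpenZeppelin Contracts v5 API).
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Test} from "forge-std/Test.sol";

// Assumed shape of the registry the finding refers to.
interface ICharityRegistry {
    function isVerified(address charity) external view returns (bool);
}

contract GivingThanksHardened is ERC721, Ownable {
    ICharityRegistry public registry;
    uint256 public tokenCounter;

    // Emitting the change makes registry swaps visible to off-chain monitoring.
    event RegistryUpdated(address indexed oldRegistry, address indexed newRegistry);

    constructor(address initialRegistry, address initialOwner)
        ERC721("DonationReceipt", "DRC")
        Ownable(initialOwner)
    {
        require(initialRegistry != address(0), "registry: zero address");
        registry = ICharityRegistry(initialRegistry);
    }

    // Mitigation: only the owner may repoint the registry.
    function updateRegistry(address newRegistry) external onlyOwner {
        require(newRegistry != address(0), "registry: zero address");
        emit RegistryUpdated(address(registry), newRegistry);
        registry = ICharityRegistry(newRegistry);
    }

    // Donation path gated by the registry's verification check.
    function donate(address charity) external payable {
        require(registry.isVerified(charity), "charity not verified");
        (bool ok, ) = charity.call{value: msg.value}("");
        require(ok, "transfer failed");
        _mint(msg.sender, tokenCounter++);
    }
}

// Foundry regression test: unprivileged callers are rejected, owner is allowed.
contract UpdateRegistryAccessTest is Test {
    GivingThanksHardened gt;
    address owner = makeAddr("owner");
    address stranger = makeAddr("stranger");
    address registryA = makeAddr("registryA");
    address registryB = makeAddr("registryB");

    function setUp() public {
        gt = new GivingThanksHardened(registryA, owner);
    }

    function test_strangerCannotUpdateRegistry() public {
        vm.prank(stranger);
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, stranger)
        );
        gt.updateRegistry(registryB);
        // Registry must be unchanged after the rejected call.
        assertEq(address(gt.registry()), registryA);
    }

    function test_ownerCanUpdateRegistry() public {
        vm.prank(owner);
        gt.updateRegistry(registryB);
        assertEq(address(gt.registry()), registryB);
    }
}
```

Run with forge test after installing openzeppelin-contracts and forge-std as dependencies. The zero-address check and the RegistryUpdated event are defensive extras beyond the onlyOwner modifier: the first prevents the owner from accidentally bricking donate, and the second gives monitoring a clear signal whenever the verification source changes.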
Likelihood: High, anyone can change it at any time
Impact: High, can bypass the verification process