Wrong use of msg.sender in `GivingThanks:constructor` breaks protocol
Summary
In GivingThanks::constructor the variable msg.sender is used to register the previously deloyed instance of CharityRegistry. Instead the constructor argument _registry should be used.
Vulnerability Details
Using msg.sender to register the previously deployed contract instance of CharityRegistry means that the contract instance is not registered at the correct address. Because there is no contract instance deployed at the address msg.sender this breaks all functionality of CharityRegistry which is critical for proper functioning of the protocol.
Proof of Concept
A simple way to verify whether the correct registry address is set in GivingThanks::constructor is to test the value of registry after deployment.
Code:
The following test if placed in GivingThanks.t.sol should pass if registry is configured correctly:
Impact
Protocol is broken as the CharityRegistry is not registered at the correct address.
Tools Used
Foundry, manual review
Recommendations
Replace msg.sender with _registry in GivingThanks::constructor:
Lead Judging Commences
finding-bad-registry-set-at-construction
Likelyhood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to malicious charity.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.