GivingThanks

First Flight #28

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing checks for `address(0)` when assigning values to address state variables could break admin functions

trashpirate

Summary

Zero address checks for the address state variables admin and registry are missing. This could lead to a situation where admin functions cannot be accessed anymore.

3 Found Instances:

Found in src/CharityRegistry.sol Line: 29

function changeAdmin(address newAdmin) public {
require(msg.sender == admin, "Only admin can change admin");
@> admin = newAdmin;
}
Found in src/GivingThanks.sol Line: 16

constructor(address _registry) ERC721("DonationReceipt", "DRC") {
@> registry = CharityRegistry(msg.sender);
owner = msg.sender;
tokenCounter = 0;
}
Found in src/GivingThanks.sol Line: 56

function updateRegistry(address _registry) public {
@> registry = CharityRegistry(_registry);
}

Vulnerability Details

The address state variables for admin and registry are not checked for zero address in the functions CharityRegistry::verifyCharity and CharityRegistry::changeAdmin allowing the admin/user to accidentally set the state variables to the zero address.

Proof of Concept

Admin accidentally sets the admin address to zero address
Unverified charity registeredCharities
Admin tries to verify charity but fails
Admin tries to change admin address but fails

Code:

The following test demonstrates that after setting the admin to the zero address the CharityRegistry::verifyCharity function and CharityRegistry::changeAdmin function are not accessible anymore.

function testAdminSetToZero() public {

// Admin sets admin address to zero

vm.prank(admin);

registryContract.changeAdmin(address(0x0));

// Unverified charity registers but is not verified

address unverifiedCharity = address(0x4);

vm.prank(unverifiedCharity);

registryContract.registerCharity(unverifiedCharity);

// Admin tries to verify charity

vm.prank(admin);

vm.expectRevert(bytes("Only admin can verify"));

registryContract.verifyCharity(charity);

// Admin tries to change admin address

vm.prank(admin);

vm.expectRevert(bytes("Only admin can change admin"));

registryContract.changeAdmin(admin);

}

Impact

If not checked for zero address, the admin address or registry address could accidentally be set to the zero address. In case for the registry, this might not be critical as the registry can be updated afterwards. However, for the admin address, this could lead to a situation where admin functions are not accessible anymore without the ability to fix it by calling the CharityRegistry::changeAdmin.

Tools Used

Foundry, Aderyn, Slither, manual review

Recommendations

Check for address(0) when assigning values to address state variables. For example:

function changeAdmin(address newAdmin) public {

require(msg.sender == admin, "Only admin can change admin");

+ require(newAdmin != address(0), "CharityRegistry: new admin is the zero address");

admin = newAdmin;

}

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.