In the GivingThanks contract, the updateRegistry function allows any external address to change the registry reference to an arbitrary CharityRegistry address. This creates a critical security risk, as unauthorized actors can modify the contract’s registry, redirecting donations or bypassing intended charity verification. Since this function lacks access control, it undermines the security and trustworthiness of the GivingThanks contract, potentially leading to loss of funds or misdirection of donations.
The vulnerable function is implemented as follows:
This function lacks any form of access control, allowing any address to call updateRegistry and assign an arbitrary address as the registry. Malicious actors could exploit this to change the registry to a contract they control, potentially allowing unverified or unauthorized charities to receive donations or enabling fraudulent behavior. This bypasses the intended verification checks on charities, severely impacting the integrity of the donation system.
This vulnerability allows unauthorized users to modify the GivingThanks contract’s reference to the charity registry, creating risks of fund misdirection and loss of contract functionality. Attackers can set the registry to an address without proper verification mechanisms, enabling them to bypass intended checks on donations. This could result in donations going to unverified entities or malicious actors, posing a significant risk to users and undermining the credibility of the donation platform.
Manual code review: Identified missing access control in updateRegistry.
Foundry testing: Simulated unauthorized registry updates to demonstrate the risk and potential for abuse.
Implement access control: Restrict the updateRegistry function to the contract owner or authorized administrators to prevent unauthorized modifications. For example, by using OpenZeppelin’s Ownable contract:
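A hardened version of the setter together with a Foundry regression test, added here as an illustration rather than code from the GivingThanks project or the original finding. It assumes OpenZeppelin v5 (whose Ownable takes the initial owner as a constructor argument), a minimal ICharityRegistry interface standing in for the real CharityRegistry, and constructed placeholder addresses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

// Assumed minimal registry interface; the real CharityRegistry is not shown here.
interface ICharityRegistry {
    function isVerified(address charity) external view returns (bool);
}

// Hardened GivingThanks: only the owner may repoint the registry.
contract GivingThanks is Ownable {
    ICharityRegistry public registry;
    event RegistryUpdated(address indexed oldRegistry, address indexed newRegistry);
    error ZeroAddress();

    // OpenZeppelin v5 Ownable takes the initial owner in its constructor.
    constructor(address _registry) Ownable(msg.sender) {
        if (_registry == address(0)) revert ZeroAddress();
        registry = ICharityRegistry(_registry);
    }

    // onlyOwner closes the hole; the zero-address check and event are extra hardening
    // so operators can monitor registry changes on-chain.
    function updateRegistry(address _registry) external onlyOwner {
        if (_registry == address(0)) revert ZeroAddress();
        emit RegistryUpdated(address(registry), _registry);
        registry = ICharityRegistry(_registry);
    }
}

// Foundry regression test: a non-owner cannot change the registry, the owner can.
contract GivingThanksAccessTest is Test {
    GivingThanks gt;
    address constant REGISTRY = address(0x1000);     // constructed sample addresses
    address constant NEW_REGISTRY = address(0x2000);
    address constant NON_OWNER = address(0xBAD);

    function setUp() public {
        gt = new GivingThanks(REGISTRY); // the test contract becomes the owner
    }

    function testNonOwnerCannotUpdateRegistry() public {
        vm.prank(NON_OWNER);
        vm.expectRevert(abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, NON_OWNER));
        gt.updateRegistry(NEW_REGISTRY);
        assertEq(address(gt.registry()), REGISTRY); // unchanged
    }

    function testOwnerCanUpdateRegistry() public {
        gt.updateRegistry(NEW_REGISTRY);
        assertEq(address(gt.registry()), NEW_REGISTRY);
    }
}
```

Run with `forge test` after installing forge-std and openzeppelin-contracts as dependencies.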
Likelihood: High, anyone can change it at any time.
Impact: High, can bypass the verification process.