GivingThanks

Summary

The contract allows the owner to update the registry address through the updateRegistry function. However, without verifying the integrity of the new registry contract or adding stricter checks, an attacker or an untrusted party could potentially set the registry address to a malicious contract, which could compromise the functionality and security of the contract.

Vulnerability Details

The updateRegistry function is publicly accessible and allows the contract owner to change the address of the CharityRegistry contract. While the function is restricted to the owner via the onlyOwner modifier, no additional checks ensure that the new registry contract is a legitimate, verified contract. This leaves the contract vulnerable to being pointed to a malicious or compromised CharityRegistry contract.

Impact

If an attacker or unauthorized user gains access to the contract owner account, they could update the registry address to a malicious contract. This would allow the attacker to manipulate the behavior of the donation process (e.g., validating fake charities), potentially leading to funds being redirected to malicious entities. This could result in financial loss and loss of trust in the contract.

Tools Used

Manual code review

Recommendations

To secure the updateRegistry function, add the onlyOwner modifier to restrict access to the contract owner, check that the new registry address is a contract using Address.isContract, and emit an event (e.g., RegistryUpdated) to provide transparency for any registry changes. This approach minimizes the risk of setting an invalid or malicious registry address and makes updates traceable.

Here's the revised function: