GivingThanks

First Flight #28
Beginner Friendly, Foundry
Submission Details
Severity: medium
Valid

[H-1] Incorrect Initialization of `registry` in `GivingThanks::constructor`.

Description:

The `GivingThanks::constructor` currently sets `registry = CharityRegistry(msg.sender);` instead of using `_registry`, the address passed in as the constructor parameter.

Impact:

This makes the `registry` variable inaccurate or unusable for verifying charities and might cause unexpected behavior.

Proof Of Code:

This test verifies whether `registry` points to the intended `CharityRegistry` address.

```solidity
function test_RegistryInitialization() public {
    address charityRegistryAddress = address(new CharityRegistry());
    GivingThanks givingThanks = new GivingThanks(charityRegistryAddress);
    // Verify if the registry address matches the input
    assertEq(address(givingThanks.registry()), charityRegistryAddress, "Registry address should match constructor input.");
}
```

Tools Used:

Foundry

Recommended Mitigation:

Update the `GivingThanks::constructor` to initialize `registry` with the `_registry` parameter in place of `msg.sender`.

```solidity
constructor(address _registry) ERC721("DonationReceipt", "DRC") {
    registry = CharityRegistry(_registry); // Correct assignment
    owner = msg.sender;
    tokenCounter = 0;
}
```
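
An added Foundry regression test, not part of the original submission or the audited code base: it uses constructed stand-in contracts (`RegistryStub`, `BuggyHolder`, `FixedHolder`, all hypothetical names) and fuzzes the deployer to show that the buggy constructor stores whichever address deploys the contract, while the fixed one stores its argument. The code-presence check in `FixedHolder` is an extra hardening assumption beyond the mitigation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-ins for this example; not the audited contracts.
contract RegistryStub {}

contract BuggyHolder {
    RegistryStub public registry;
    constructor(address _registry) {
        registry = RegistryStub(msg.sender); // bug from the finding: _registry is ignored
    }
}

contract FixedHolder {
    RegistryStub public registry;
    constructor(address _registry) {
        // Extra hardening (assumption, not in the page's fix): require deployed code.
        require(_registry.code.length > 0, "registry is not a contract");
        registry = RegistryStub(_registry);
    }
}

contract RegistryInitTest is Test {
    address internal reg;

    function setUp() public {
        reg = address(new RegistryStub());
    }

    // Buggy version: the stored "registry" follows the deployer, not the argument.
    function testFuzz_BuggyTracksDeployer(address deployer) public {
        vm.assume(deployer != reg);
        vm.prank(deployer); // the next call (the CREATE) is sent from `deployer`
        BuggyHolder h = new BuggyHolder(reg);
        assertEq(address(h.registry()), deployer);
        assertTrue(address(h.registry()) != reg);
    }

    // Fixed version: the argument is stored regardless of who deploys.
    function testFuzz_FixedStoresArgument(address deployer) public {
        vm.prank(deployer);
        FixedHolder h = new FixedHolder(reg);
        assertEq(address(h.registry()), reg);
    }

    // An address without code (constructed sample value) is rejected at deploy time.
    function test_FixedRejectsAddressWithoutCode() public {
        vm.expectRevert(bytes("registry is not a contract"));
        new FixedHolder(address(0xBEEF));
    }
}
```
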
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-bad-registry-set-at-construction

Likelihood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to malicious charity.
