The updateRegistry function in the GivingThanks contract allows anyone to change the address of the CharityRegistry contract, as it lacks access control. This vulnerability can lead to unauthorized modifications, allowing a malicious user to replace the registry address with their own contract, thus gaining control over which charities are considered valid and potentially redirecting funds to unverified addresses.

The updateRegistry function lacks any access control checks, such as onlyOwner, allowing any caller to change the registry address to an arbitrary one:
updateRegistry, effectively replacing the CharityRegistry address. This enables a malicious user to:
Redirect donations to unverified addresses.
Manipulate the verification logic by introducing a registry that might approve any address as a "verified charity."
Unauthorized Modification of Critical Contract Logic: By replacing the registry, a malicious user can modify which addresses are considered verified, which can lead to unauthorized redirection of donations.
Financial Exploitation: The attacker could direct funds to a fake charity registry and mark arbitrary addresses as "verified," receiving unauthorized donations.
Tools Used
Implement Access Control: Restrict access to updateRegistry by adding an access control modifier, such as onlyOwner, to ensure that only the contract owner can update the registry address.
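The unrestricted pattern this finding describes, next to a restricted version, as an added example that is not the GivingThanks source. The contract names, the ICharityRegistry interface and its isVerified function are assumptions; the zero-address check and the RegistryUpdated event go beyond the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interface assumed for illustration; the real CharityRegistry may differ.
interface ICharityRegistry {
    function isVerified(address charity) external view returns (bool);
}

// Pattern described in the finding: no restriction on the caller.
contract GivingThanksUnrestricted {
    ICharityRegistry public registry;

    constructor(address _registry) {
        registry = ICharityRegistry(_registry);
    }

    // Any account can repoint the contract at a different registry.
    function updateRegistry(address _registry) public {
        registry = ICharityRegistry(_registry);
    }
}

// Hardened form: only the owner set at deployment may change the registry.
contract GivingThanksRestricted {
    ICharityRegistry public registry;
    address public immutable owner;

    // Emitted on every change so off-chain monitoring can track the pointer.
    event RegistryUpdated(address indexed previousRegistry, address indexed newRegistry);

    error NotOwner();
    error ZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address _registry) {
        owner = msg.sender;
        registry = ICharityRegistry(_registry);
    }

    function updateRegistry(address _registry) external onlyOwner {
        if (_registry == address(0)) revert ZeroAddress();
        emit RegistryUpdated(address(registry), _registry);
        registry = ICharityRegistry(_registry);
    }
}
```

Indexing RegistryUpdated off-chain lets monitoring flag any change to the registry pointer.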
Likelihood: High, anyone can change it at any time
Impact: High, can bypass the verification process