GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

Incorrect Address Assignment in Constructor of `Giving Thanks Contract` Leading to Contract Misconfiguration

Summary

When the constructor initializes the `registry` variable, `msg.sender` is mistakenly passed instead of the `_registry` parameter. This causes the `registry` variable to reference the wrong address, leading to potential failures when interacting with the intended CharityRegistry contract.

Vulnerability Details

In the constructor, the wrong value (`msg.sender`) is assigned to the `registry` variable instead of the intended `_registry` address. As a result, the contract takes the deployer's address to be the address of the CharityRegistry contract, causing failures in any function that depends on a valid registry reference.

Impact

If the incorrect address (`msg.sender`) is assigned to `registry`:

- Calls to CharityRegistry via `registry` will not function as expected, potentially leading to contract failures, unintended behavior, or errors.
- Contract interactions reliant on a valid registry address will fail, impacting the overall reliability and functionality of the contract.
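
The misconfiguration described above, written as a Foundry regression test. This is an added example, not code from the audited repository: `RegistryStub`, `BuggyReceipt`, `FixedReceipt`, `verify` and `verified` are hypothetical stand-ins that keep only the constructor assignment quoted in this finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Test} from "forge-std/Test.sol";

// Hypothetical stand-ins: only the constructor assignment from the finding is kept.
contract RegistryStub {
    mapping(address => bool) public verified;
    function verify(address charity) external { verified[charity] = true; }
}

contract BuggyReceipt {
    RegistryStub public registry;
    constructor(address _registry) {
        registry = RegistryStub(msg.sender); // bug: parameter ignored
    }
}

contract FixedReceipt {
    RegistryStub public registry;
    constructor(address _registry) {
        registry = RegistryStub(_registry); // fix from the finding
    }
}

contract RegistryWiringTest is Test {
    RegistryStub internal reg;
    address internal charity = address(0xC0FFEE); // constructed sample address

    function setUp() public {
        reg = new RegistryStub();
        reg.verify(charity);
    }

    function test_buggyConstructorPointsAtDeployer() public {
        BuggyReceipt c = new BuggyReceipt(address(reg));
        RegistryStub wired = c.registry();
        assertEq(address(wired), address(this)); // the deployer, not reg
        // The deployer exposes no verified(address), so the lookup reverts.
        vm.expectRevert();
        wired.verified(charity);
    }

    function test_fixedConstructorUsesParameter() public {
        FixedReceipt c = new FixedReceipt(address(reg));
        RegistryStub wired = c.registry();
        assertEq(address(wired), address(reg));
        assertTrue(wired.verified(charity));
    }
}
```

The same address-equality assertion can be pointed at the real contract's deployment in its own test suite, provided `registry` is readable there.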

Tools Used

Manual

Recommendations

constructor(address _registry) ERC721("DonationReceipt", "DRC") {
- registry = CharityRegistry(msg.sender);
+ registry = CharityRegistry(_registry);
owner = msg.sender;
tokenCounter = 0;
}
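
Review bot: in the constructor, the added line `registry = CharityRegistry(_registry);` accepts `_registry` unchecked, so a deployment that passes `address(0)` would again leave `registry` pointing at an address with no CharityRegistry behind it. Consider reverting when `_registry == address(0)` before the assignment, and adding a deployment test that asserts `registry` equals the constructor argument.
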
Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-bad-registry-set-at-construction

Likelihood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to malicious charity.
