GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

The user can change the `registry` at will

linmiaomiao

Summary

the updateRegistryfunction of GivingThanks.sol lack access control of ownerrole, anyone can change registry at will.

Vulnerability Details

in the updateRegistryfunction of GivingThanks.sol , it change the registry but don't need ownerrole.

function updateRegistry(address _registry) public {//任何人都可以修改registry
registry = CharityRegistry(_registry);
}

Impact

Since anyone can modify the registry, the charity check in the donate function will be ineffective:

function donate(address charity) public payable {
require(registry.isVerified(charity), "Charity not verified");
......
}

An attacker can modify the registry and donate to any address (even donating to themselves) to receive the corresponding issued ERC721 tokens.

Tools Used

foundry

Recommendations

Add a permission check to the updateRegistry function, like this:

function updateRegistry(address _registry) public {
require(msg.sender == owner);
registry = CharityRegistry(_registry);
}
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-anyone-can-change-registry

Likelyhood: High, anyone can change it at anytime Impact: High, can bypass the verification process

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.