Submission Details
Severity:
Incorrect instantiating of constructor
Summary
The contract address of the registry is not being passed to the CharityRegistry contract in the constructor.
Vulnerability Details
Bug code below:
constructor(address _registry) ERC721("DonationReceipt", "DRC") {
registry = CharityRegistry(msg.sender);
owner = msg.sender;
tokenCounter = 0;
}
Solution
constructor(address _registry) ERC721("DonationReceipt", "DRC") {
registry = CharityRegistry(_registry); // first bug is here _registry constarct address show be passed not owner
owner = msg.sender;
tokenCounter = 0;
}
Impact
Interaction with GivenThanks would always fail as msg.sender is not the contract address of the CharityRegistry.
Tools Used
Foundry Test
Recommendations
Write a view function to always verify the CharityRegistry contract is the intended one:
function getCharityRegistryContract ()public view returns(address){
return address(registry);
}
Updates
Lead Judging Commences
n0kto 7 months ago
Submission Judgement Published Assigned finding tags:
finding-bad-registry-set-at-construction
Likelyhood: High, the parameter is not well used and won't be set. Impact: Low, can be changed with the setter and no one will be able to donate to malicious charity.
Rewards breakdown
nSLOC
67This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.