GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Lack of Access Control in updateRegistry Function

conveloxy

Summary:

The GivingThanks contract is vulnerable to Access Control Issues in the updateRegistry function, which can allow any user to change the address(charity registry) to a contract without restriction which could lead to unauthorized control or access over the donation process.

Vulnerability Details:

There is lack of proper access control in the updateRegistry function in the GivingThanks contract:

function updateRegistry(address _registry) public {registry = CharityRegistry(_registry);}

  1. The function can be called by any user, since there is no onlyOwner or access control modifiers used.

  2. An attacker can call updateRegistry and set the registry to their own contract address.

  3. This malicious contract can then manipulate the outcome of the registry.isVerified(charity) check in the donate function to verify any given address falsely, then as a result, the attacker can direct donations to a false charity and completely withdraw the user funds.

Impact:

  1. Attacker can withdraw users' donations to a different address resulting in financial loss.

  2. Verification checks can be bypassed resulting to donation received by a different address.

Tools Used:

  1. Manual review of code to identify access control issues and attacks.

  2. Slither was used to detect access control issues.

Recommendations:

Introduce Access Control:

function updateRegistry(address _registry) public onlyOwner {registry = CharityRegistry(_registry);}

```

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-anyone-can-change-registry

Likelyhood: High, anyone can change it at anytime Impact: High, can bypass the verification process

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.