GivingThanks

First Flight #28

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

`CharityRegistry::isVerified` Returns Incorrect Verification State, Enabling Unverified Charities to Receive Donations

icon0x

Summary

Vulnerability Details

The CharityRegistry::isVerified function incorrectly returns the registered state instead of the verified state, allowing unverified charities to be recognized as verified. This vulnerability is exploited in the GivingThanks::donate function, which uses CharityRegistry::isVerified to accept donations, resulting in unverified charities receiving funds.

Here's the incorrect data state:

function isVerified(address charity) public view returns (bool) {

@> return registeredCharities[charity];

}

Impact

This vulnerability allow unverified charities receive donation.

Tools Used

Manual Review

Proof of Concept

The following Foundry test demostrate how unverified charity receive donations.

function test_UnverifiedCharityReceiveDonation() public {

address unverifiedCharity = address(0x4);

// Unverified charity registers but is not verified

vm.prank(unverifiedCharity);

registryContract.registerCharity(unverifiedCharity);

// Fund the donor

vm.deal(donor, 10 ether);

// Donor tries to donate to unverified charity

vm.prank(donor);

charityContract.donate{value: 1 ether}(unverifiedCharity);

assertEq(unverifiedCharity.balance, 1 ether);

}

Recommendations

To fix this, the CharityRegistry::isVerified function should be updated to accurately check and return the verified state from the correct mapping.

function isVerified(address charity) public view returns (bool) {

- return registeredCharities[charity];

+ return verifiedCharities[charity];

}

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-isVerified-return-registered-charities

Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.