GivingThanks
First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

`isVerified::CharityRegistry` makes wrong call and returns registered charities(not verified) as true

vabs10

Description:

The isVerified::CharityRegistry function checks the registeredCharities mapping instead of verifiedCharities. This causes the function to return true for unverified charities

Impact:

Users may donate to unverified charities, thinking they are legitimate, which could lead to misuse or loss of funds.

Proof of Concept:

CharityRegistry.sol:

function registerCharity(address charity) public {
registeredCharities[charity] = true;
}
function isVerified(address charity) public view returns (bool) {
-> return registeredCharities[charity];
}

GivingThanks.sol

function donate(address charity) public payable {
-> require(registry.isVerified(charity), "Charity not verified");
(bool sent,) = charity.call{value: msg.value}("");
require(sent, "Failed to send Ether");
_mint(msg.sender, tokenCounter);
// Create metadata for the tokenURI
string memory uri = _createTokenURI(msg.sender, block.timestamp, msg.value);
_setTokenURI(tokenCounter, uri);
tokenCounter += 1;
}

Recommended Mitigation:

Update the isVerified::CharityRegistry function to check the verifiedCharities mapping.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-isVerified-return-registered-charities

Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.