CharityRegistry.isVerified(address): returns wrong address
Summary
The function CharityRegistry.isVerified(address) returns a registered charity.
Vulnerability Details
The function CharityRegistry.isVerified(address) returns the registered charity. No information is given as to whether the charity has been verified.
Impact
The 'CharityRegistry.isVerified(address)' function is used to check whether a charity is eligible to receive donations. Instead of returning a verified charity, this function only returns a registered charity, which anyone can do. This may result in unverified charities receiving donations from participants who are unaware of the error.
Tools Used
Manual review
Recommendations
Correct the CharityRegistry.isVerified(address) as follows:
Lead Judging Commences
finding-isVerified-return-registered-charities
Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.