[M-1] Logical error in CharityRegistry::isVerified() function, leads to incorrect response
Summary
The CharityRegistry::isVerified() function checks for charities verification status. The function will return 'true' or 'false' on whether the charity is verified. However, there is a logical flaw in the function that will not return the correct response on whether the charity is verified or not.
Vulnerability Details
The CharityRegistry::isVerified() function is supposed to be returning the 'verifiedCharities' mapping, but instead it is returning the 'registeredCharities' mapping.
Impact
This logical error may lead to incorrect responses when checking if a charity is verified.
E.g:
Charity is registered = True.
Charity is verified = False
CharityRegistry::isVerified() returns the mapping of 'registeredCharities', which in this case will return 'True'
Incorrect response misleading user of their true charity verification status.
Tools Used
Manual code review
Recommendations
Update the return statement to return the correct mapping 'verifiedCharities'.
Lead Judging Commences
finding-isVerified-return-registered-charities
Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.