The isVerified function in the CharityRegistry contract contains incorrect logic that may cause unverified charities to be incorrectly identified as verified. This function currently checks if a charity is registered, not if it is verified, which could allow unverified charities to appear eligible to receive donations.
The isVerified function in the CharityRegistry contract is intended to check if a charity has been verified by the admin. However, it currently checks the registeredCharities mapping instead of the verifiedCharities mapping:
This logic error means that any registered charity will be considered "verified," even if the admin has not verified it. This could allow unverified charities to be mistakenly recognized as eligible to receive donations, bypassing the verification process.
Allowing unverified charities to appear verified undermines the donation process by making funds accessible to unapproved entities. This could lead to potential misuse of funds, as unverified charities might receive donations they were not meant to access.
Manual review.
Modify the isVerified function to check the verifiedCharities mapping instead of registeredCharities, ensuring only charities marked as verified by the admin are eligible for donations.
Suggested Fix:
This change ensures that only charities marked as verified by the admin can be considered eligible for donations, maintaining the integrity of the verification process and the security of donor funds.
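The logic error and its fix, as an added Solidity illustration that is not the audited contract's source. Only CharityRegistry, isVerified, registeredCharities and verifiedCharities come from the finding; registerCharity, verifyCharity, isVerifiedBuggy, NotAdmin and the RegistryRegressionCheck harness are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal model of the registry described in the finding (assumed layout,
// not the audited code). Function names other than isVerified are hypothetical.
contract CharityRegistryModel {
    address public admin;
    mapping(address => bool) public registeredCharities;
    mapping(address => bool) public verifiedCharities;

    error NotAdmin();

    constructor() {
        admin = msg.sender;
    }

    // Open registration: any caller can register any address.
    function registerCharity(address charity) external {
        registeredCharities[charity] = true;
    }

    // Verification is the admin-only step that the buggy check skips.
    function verifyCharity(address charity) external {
        if (msg.sender != admin) revert NotAdmin();
        verifiedCharities[charity] = true;
    }

    // Behaviour described in the finding: reads registeredCharities.
    function isVerifiedBuggy(address charity) external view returns (bool) {
        return registeredCharities[charity];
    }

    // Corrected check: reads verifiedCharities.
    function isVerified(address charity) external view returns (bool) {
        return verifiedCharities[charity];
    }
}

// Regression harness: registers a charity without verifying it and
// reports what each version of the check says about it.
contract RegistryRegressionCheck {
    function run(address charity) external returns (bool buggy, bool corrected) {
        CharityRegistryModel r = new CharityRegistryModel();
        r.registerCharity(charity);
        buggy = r.isVerifiedBuggy(charity);
        corrected = r.isVerified(charity);
    }
}
```

A test suite for the real contract can assert the same property: a charity that is registered but not yet verified by the admin must not pass isVerified.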
Likelihood: High, the function returns registered charities instead of verified ones. Impact: High, any charities can be registered by anyone and will be declared as verified by this function, bypassing verification.