GivingThanks

First Flight #28
Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: high
Valid

Incorrect Logic in isVerified Function

Summary

The isVerified function in the CharityRegistry contract contains incorrect logic that may cause unverified charities to be incorrectly identified as verified. This function currently checks if a charity is registered, not if it is verified, which could allow unverified charities to appear eligible to receive donations.

Vulnerability Details

The isVerified function in the CharityRegistry contract is intended to check if a charity has been verified by the admin. However, it currently checks the registeredCharities mapping instead of the verifiedCharities mapping:

function isVerified(address charity) public view returns (bool) {
return registeredCharities[charity];
}

This logic error means that any registered charity will be considered "verified," even if the admin has not verified it. This could allow unverified charities to be mistakenly recognized as eligible to receive donations, bypassing the verification process.

Impact

Allowing unverified charities to appear verified undermines the donation process by making funds accessible to unapproved entities. This could lead to potential misuse of funds, as unverified charities might receive donations they were not meant to access.

Tools Used

Manual review.

Recommendations

Modify the isVerified function to check the verifiedCharities mapping instead of registeredCharities, ensuring only charities marked as verified by the admin are eligible for donations.

Suggested Fix:

function isVerified(address charity) public view returns (bool) {
return verifiedCharities[charity];
}

This change ensures that only charities marked as verified by the admin can be considered eligible for donations, maintaining the integrity of the verification process and the security of donor funds.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-isVerified-return-registered-charities

Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.