The isVerified function is intended to check if a charity is verified. However, it currently checks the registeredCharities mapping instead of the verifiedCharities mapping. This means that the function will return true for any charity that is registered, regardless of whether it has been verified by the admin. This can lead to incorrect assumptions about the status of charities.
Misleading Information: Users querying the verification status of a charity will receive inaccurate results, potentially leading to trust issues and misuse of the charity's status.
Security Risks: If the system relies on the verification status for critical operations (e.g., allowing donations), this flaw could result in funds being directed to unverified charities.
Update the isVerified function to check the verifiedCharities mapping instead of the registeredCharities mapping. This will ensure that only charities that have been verified by the admin are considered verified.
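The flawed check and the recommended one side by side, as an added example that is not the audited contract's code: only isVerified, registeredCharities, verifiedCharities and the admin role come from the finding, while the contract names, registerCharity, verifyCharity, isVerifiedAsReported and the sample address are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch, not the audited contract. Names other than isVerified,
// registeredCharities, verifiedCharities and admin are assumptions.
contract CharityRegistrySketch {
    address public admin;
    mapping(address => bool) public registeredCharities;
    mapping(address => bool) public verifiedCharities;

    constructor() { admin = msg.sender; }

    // Assumed: registration is open to any caller.
    function registerCharity(address charity) external {
        registeredCharities[charity] = true;
    }

    // Assumed: only the admin can mark a registered charity as verified.
    function verifyCharity(address charity) external {
        require(msg.sender == admin, "only admin");
        require(registeredCharities[charity], "not registered");
        verifiedCharities[charity] = true;
    }

    // Behaviour described in the finding: reads the wrong mapping, so a
    // registered but unverified charity is reported as verified.
    function isVerifiedAsReported(address charity) external view returns (bool) {
        return registeredCharities[charity];
    }

    // Recommended behaviour: true only after the admin has verified.
    function isVerified(address charity) external view returns (bool) {
        return verifiedCharities[charity];
    }
}

// Regression check: this contract deploys the sketch, so it is the admin.
contract IsVerifiedCheck {
    function run() external returns (bool) {
        CharityRegistrySketch reg = new CharityRegistrySketch();
        address charity = address(0xC0FFEE); // constructed sample address
        reg.registerCharity(charity);
        require(reg.isVerifiedAsReported(charity), "flawed check accepts it");
        require(!reg.isVerified(charity), "fixed check must reject unverified");
        reg.verifyCharity(charity);
        require(reg.isVerified(charity), "fixed check must accept verified");
        return true;
    }
}
```

Calling run() succeeds only if a registered but unverified charity is rejected by the corrected isVerified and accepted once the admin has verified it, which is the regression a test suite for the fix should pin down.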
Likelihood: High, the function returns registered charities instead of verified ones. Impact: High, any charity can be registered by anyone and will be declared as verified by this function, bypassing verification.