Not verfiied charities might be donated
Summary
User can create charity using CharityRegistry::registerCharity function. Then, the charity is saved in CharityRegistry::verifiedCharities mapping. Admin can verify this charity with CharityRegistry::verifyCharity function, and then charity can be donated.
Vulnerability Details
Function CharityRegistry::isVerified checks if charity has been verified by the admin. This function should check if CharityRegistry::registeredCharitymapping contain the charity address. However in this function is used wrong mapping, only checks if charity is registered.
Impact
Charities not verified by admin but only registered might be donated.
Tools Used
Manual review
Recommendations
Change mapping as below.
Lead Judging Commences
finding-isVerified-return-registered-charities
Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.