The logic in the CharityRegistry::isVerified function is incorrect: it does not check whether the charity is verified, only whether it is registered.
The function will always return true as long as the charity is registered. Verification is meant to be performed by the admin (who deploys the CharityRegistry contract), who determines whether a charity is legitimate; only if it is should it be eligible to receive donations. With this logic flaw, any registered charity is considered verified by default.
Any registered charity will be considered verified, allowing unverified charities, especially malicious ones, to receive donations.
Foundry, Remix
Modify the CharityRegistry::isVerified function to check if a charity is actually verified, not just registered.
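The flawed check and the recommended one side by side, as an added sketch that is not the audited contract's code: only the name isVerified comes from the finding, while the contract name, the mappings `registered` and `verified`, `registerCharity`, `verifyCharity` and `isVerifiedFlawed` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch only. Every identifier except isVerified is an
// assumption and may not match the audited CharityRegistry contract.
contract CharityRegistrySketch {
    address public admin;

    // Set by anyone through registerCharity.
    mapping(address => bool) public registered;
    // Set only by the admin through verifyCharity.
    mapping(address => bool) public verified;

    constructor() {
        // The deployer is the admin, as the finding describes.
        admin = msg.sender;
    }

    // Registration is open to any caller.
    function registerCharity(address charity) external {
        registered[charity] = true;
    }

    // Verification is an explicit admin decision on a registered charity.
    function verifyCharity(address charity) external {
        require(msg.sender == admin, "only admin");
        require(registered[charity], "not registered");
        verified[charity] = true;
    }

    // Flawed check described in the finding: registration alone passes,
    // so the admin's decision is never consulted.
    function isVerifiedFlawed(address charity) external view returns (bool) {
        return registered[charity];
    }

    // Recommended check: true only after the admin has verified the charity.
    function isVerified(address charity) external view returns (bool) {
        return verified[charity];
    }
}
```

A Foundry test for the fix would register a charity from a non-admin address and assert that isVerified stays false until the admin calls the verification function.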
Likelihood: High, the function returns registered charities instead of verified ones. Impact: High, any charity can be registered by anyone and will be declared as verified by this function, bypassing verification.