The isVerified function in the CharityRegistry contract incorrectly reads from the registeredCharities mapping instead of the verifiedCharities mapping. This flaw allows unverified charities to receive donations, bypassing the intended verification process.
In CharityRegistry.sol, the isVerified function is implemented as follows:
This function checks whether a charity is registered but not whether the admin has verified it. Consequently, any registered charity, even one that was never verified, can receive donations.
This vulnerability undermines the protocol's integrity by allowing unverified charities to receive funds, potentially leading to misallocation of donations and erosion of donor trust.
Manual code review.
Modify the isVerified function to return the verification status of a charity:
This change ensures that only charities verified by the admin through the verifyCharity function are eligible to receive donations.
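To make the flaw and the fix concrete, the following is an added, hypothetical minimal reconstruction (not the audited project's code) that keeps only the names this finding mentions; the DonationGateway contract and its donate function are assumptions showing how the wrong return value reaches the funds path:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical reconstruction of the pattern described in the finding.
// Only registeredCharities, verifiedCharities, verifyCharity and isVerified
// come from the report; everything else is assumed for illustration.
contract CharityRegistry {
    address public admin;
    mapping(address => bool) public registeredCharities;
    mapping(address => bool) public verifiedCharities;

    constructor() { admin = msg.sender; }

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // Registration is permissionless: anyone can add any address.
    function registerCharity(address charity) external {
        registeredCharities[charity] = true;
    }

    // Verification is the admin-gated step that registration must not bypass.
    function verifyCharity(address charity) external onlyAdmin {
        require(registeredCharities[charity], "not registered");
        verifiedCharities[charity] = true;
    }

    // Vulnerable form as reported: answers "registered?" instead of "verified?".
    function isVerifiedBuggy(address charity) public view returns (bool) {
        return registeredCharities[charity];
    }

    // Recommended fix: read the mapping that verifyCharity actually writes.
    function isVerified(address charity) public view returns (bool) {
        return verifiedCharities[charity];
    }
}

// Assumed consumer: a donation path that relies on the registry's answer.
contract DonationGateway {
    CharityRegistry public registry;
    constructor(CharityRegistry r) { registry = r; }

    function donate(address charity) external payable {
        require(registry.isVerified(charity), "charity not verified");
        (bool ok, ) = charity.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}
```

With isVerifiedBuggy wired into donate, a self-registered address would pass the check without the admin ever calling verifyCharity; with isVerified, the same address is rejected until verification.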
Likelihood: High, because the function returns the registered status instead of the verified status. Impact: High, because anyone can register any charity, and this function then reports it as verified, bypassing the admin's verification.