CharityRegistry::isVerified() incorrectly checks whether a charity was verified by the admin, making it possible to donate to a charity that was not approved by the admin
Description:
The function CharityRegistry::isVerified(), instead of checking the verifiedCharities map, checks whether a charity is registered. As a result, a donation can be made to a charity that was not approved by the admin.
Impact:
The protocol is seriously broken, since it is possible to donate to a charity that was never verified by the admin.
Proof of Concept:
The test fails: the revert never happens because the CharityRegistry::isVerified() call inside charityContract.donate() passes.
Note: it is necessary to fix the error in my previous finding for testCannotDonateToUnverifiedCharity to fail.
Recommended Mitigation:
Instead of checking registeredCharities, CharityRegistry::isVerified() should check verifiedCharities, as follows:
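The finding's own patch is not reproduced on this page. As an added illustration (not the audited project's code), the sketch below places the check as described beside the corrected one, with a minimal donation gate showing why the test's expected revert does not occur; only the names from the finding (registeredCharities, verifiedCharities, isVerified, donate) are taken from it, while the contract shape, the admin handling and the Donation contract are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited project's code. Only the names from the
// finding are reused; admin handling and the Donation contract are assumed.
contract CharityRegistry {
    address public admin;
    mapping(address => bool) public registeredCharities; // anyone can set this
    mapping(address => bool) public verifiedCharities;   // only admin sets this

    constructor() { admin = msg.sender; }

    // Permissionless: any address can register any charity.
    function registerCharity(address charity) external {
        registeredCharities[charity] = true;
    }

    // Admin-only: the approval step the donation gate is supposed to enforce.
    function verifyCharity(address charity) external {
        require(msg.sender == admin, "not admin");
        require(registeredCharities[charity], "not registered");
        verifiedCharities[charity] = true;
    }

    // AS DESCRIBED IN THE FINDING: consults the permissionless map, so any
    // self-registered address is reported as verified.
    function isVerifiedVulnerable(address charity) external view returns (bool) {
        return registeredCharities[charity];
    }

    // FIXED: consult the admin-controlled map instead.
    function isVerified(address charity) external view returns (bool) {
        return verifiedCharities[charity];
    }
}

// Assumed shape of the contract the finding calls charityContract.
contract Donation {
    CharityRegistry public registry;

    constructor(CharityRegistry r) { registry = r; }

    // With the vulnerable check this require passes for a charity that was
    // only registered, so testCannotDonateToUnverifiedCharity sees no revert;
    // with the fixed isVerified it reverts with "Charity not verified".
    function donate(address charity) external payable {
        require(registry.isVerified(charity), "Charity not verified");
        (bool ok, ) = charity.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}
```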
Tools Used
Manual review
Likelihood: High, since the function returns registered charities instead of verified ones. Impact: High, since any charity can be registered by anyone and will be reported as verified by this function, bypassing verification.