Inaccurate Verification Status in CharityRegistry
Summary
isVerified function returns incorrect mapping argument.
Vulnerability Details
In CharityRegistry::isVerified returns bool for incorrect mapping: The isVerified function is intended to return the verification status of a given charity address. However, it incorrectly uses the registeredCharities mapping instead of the verifiedCharities mapping. This results in the function returning the registration status instead of the verification status.
Impact
This vulnerability could lead to:
Unverified charities being incorrectly identified as verified.
Verified charities being incorrectly identified as unverified.
Confusion and distrust in the platform's verification process.
Tools Used
Manual review
Recommendations
CharityRegistry::isVerified returns bool for incorrect mapping: To rectify this issue, modify the isVerified function to use the verifiedCharities mapping. This will ensure that the function accurately reflects the verification status of a given charity.
Diff:
Lead Judging Commences
finding-isVerified-return-registered-charities
Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.