Function CharityRegistry:: isVerified uses a wrong mapping to get a status of the charity address.
Summary
A configuration error in the mapping within the isVerified function leads to inaccurate information being provided to users regarding the verification status of charity addresses.
Vulnerability Detais
The function isVerified incorrectly checks if an address has been registered but not verified, leading to potential misrepresentation of charity address verification statuses.
Impact
The function isVerified incorrectly returns a wrong verification status, resulting in all registered addresses being mistakenly considered verified and thereby bypassing the intended administrative verification stage.
Tools Used
Manual code review
Recommendations
Apply the right mapping:
Lead Judging Commences
finding-isVerified-return-registered-charities
Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.