The donate() function in GivingThanks.sol contains a critical flaw that allows unverified charities to receive donations. The function mistakenly checks whether the charity is registered in the CharityRegistry.sol contract, rather than verifying if the charity is properly verified. This allows any registered charity to accept donations, regardless of whether it has gone through the required verification process, potentially leading to misallocated funds, fraud, and a loss of donor trust.
In the current implementation, the donate() function calls the isVerified() function from the CharityRegistry.sol contract. However, the isVerified() function mistakenly checks the registeredCharities mapping instead of the intended verifiedCharities mapping. This is a critical misconfiguration, as it allows any charity that is simply registered (even if not verified) to accept donations.
The intent was for isVerified() to confirm that the charity is both registered and verified, using the separate verifiedCharities mapping. Because it reads registeredCharities instead, any charity registered in the system, whether verified or not, can bypass the necessary checks and receive donations.
The root cause is that the isVerified() function only checks if a charity is registered via registeredCharities[charity], not whether it has been verified via the verifiedCharities[charity] mapping. This oversight allows unverified charities to exploit the contract, receiving donations they should not be eligible for.
This is a critical bug with the following impacts:
Fraudulent Fund Distribution: Unverified charities can illegally receive donations, potentially diverting funds meant for legitimate causes.
Loss of Donor Trust: Donors rely on the platform to ensure that their contributions go to verified and trusted organizations. This vulnerability could severely damage the platform’s reputation.
Legal and Ethical Concerns: The platform could face legal consequences if funds are donated to charities that are not vetted or verified, leading to accusations of mismanagement or fraud.
Manual Code Review: Identified through an in-depth review of the GivingThanks.sol contract and its interaction with the CharityRegistry.sol contract.
To address this critical issue, the following steps should be taken immediately:
Correct the Verification Check:
Modify the isVerified() function to correctly check the verifiedCharities mapping, ensuring that only verified charities can receive donations.
Improve the donate() Function Logic:
Ensure that the donate() function relies on the updated isVerified() logic to check that the charity is both registered and verified before accepting donations.
Implement Additional Verification Checks:
Consider implementing multi-layered verification processes, such as KYC (Know Your Charity) or third-party verification, to enhance the integrity of the platform and prevent any future loopholes.
Auditing and Testing:
After fixing this issue, perform a thorough security audit and testing (including unit tests and integration tests) to ensure that the donate() function properly interacts with the correct mappings and that no unverified charities can bypass the system.
By implementing these fixes, the platform can restore donor trust and ensure that donations are only directed to verified charities, which is crucial for maintaining the credibility of the system and protecting the financial interests of all stakeholders.
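The check described above, as an added sketch that sets the flawed lookup beside the corrected one; it is reconstructed from this report's description and is not the project's source. The contract names ending in Sketch, admin, registerCharity(), verifyCharity() and isVerifiedBefore() are assumed names, and only isVerified(), donate() and the two mappings come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited code. Names not in the report are assumptions.
contract CharityRegistrySketch {
    address public admin;
    mapping(address => bool) public registeredCharities;
    mapping(address => bool) public verifiedCharities;

    constructor() {
        admin = msg.sender;
    }

    // Assumed: registration is open to any caller, as the impact note states.
    function registerCharity(address charity) external {
        registeredCharities[charity] = true;
    }

    // Assumed: only the admin can promote a registered charity to verified.
    function verifyCharity(address charity) external {
        require(msg.sender == admin, "only admin");
        require(registeredCharities[charity], "not registered");
        verifiedCharities[charity] = true;
    }

    // Behaviour the report describes: the wrong mapping is read, so a
    // charity that was only registered is reported as verified.
    function isVerifiedBefore(address charity) external view returns (bool) {
        return registeredCharities[charity];
    }

    // Corrected check: the charity must be registered AND verified.
    function isVerified(address charity) public view returns (bool) {
        return registeredCharities[charity] && verifiedCharities[charity];
    }
}

// Assumed shape of the caller: donate() gates on the registry's isVerified().
contract GivingThanksSketch {
    CharityRegistrySketch public immutable registry;

    constructor(CharityRegistrySketch _registry) {
        registry = _registry;
    }

    function donate(address charity) external payable {
        require(registry.isVerified(charity), "charity not verified");
        (bool ok, ) = charity.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}
```

A regression test for this fix registers an address without verifying it and asserts that donate() reverts, then verifies it as admin and asserts that the same call succeeds.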
Likelihood: High, the function returns registered charities instead of verified ones. Impact: High, any charities can be registered by anyone and will be declared as verified by this function, bypassing verification.