Logic error in `CharityRegistry::isVerified` function, that returns `registeredCharities[charity]` instead of `verifiedCharities[charity]`
Summary
CharityRegistry::isVerified function is responsible to return charity address, that is verified by admin. But it returns charity address, that enough to be just registered, that allow a donor to donate to charity, that might be not verified.
Additionally, donators would donate to charities, that might be malicious, but thinking they donate to verified charities.
Vulnerability Details
Donator choose charity for donation.
Donator donate money to a charity, assured donating to the verified charity.
Proof of Code
Place the following code to the GivingThanks.t.sol
Impact
This issue impact on donors, that assured that they donate to verified charities, but in the end to donate not verified charities.
Tools Used
Manual, Foundry
Recommendations
There's a way how to mitigate this issue:
Lead Judging Commences
finding-isVerified-return-registered-charities
Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.