GivingThanks

First Flight #28

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

[H-2] `CharityRegistry::isVerified` checks if a charity is registered instead of verified, causing that you can donate to unverified charities

jumpupjoran

IMPACT:High
Likelihood:high/medium

Summary

The isVerified function checks if a charity is registered instead of verified, this function is later used in GivingThanks::donate to check if the charity has been verified. Causing that people can donate funds to an unverified charity while they think it is verified.

Vulnerability Details

found in line 24 in CharityRegistry.sol

function isVerified(address charity) public view returns (bool) {

@> return registeredCharities[charity];

}

and in following code you can see how donate uses this to check if its verified

function donate(address charity) public payable {

@> require(registry.isVerified(charity), "Charity not verified");

(bool sent,) = charity.call{value: msg.value}("");

require(sent, "Failed to send Ether");

_mint(msg.sender, tokenCounter);

// Create metadata for the tokenURI

string memory uri = _createTokenURI(msg.sender, block.timestamp, msg.value);

_setTokenURI(tokenCounter, uri);

tokenCounter += 1;

}

Impact

All registered charities show up as verified, causing that donators think a charity is verified while it actually isnt, this is a severe mistake in the functionality of the protocol

Tools Used

Manual review

Recommendations

check if it is verified instead of registered in theisVerified function

function isVerified(address charity) public view returns (bool) {

- return registeredCharities[charity];

+ return verifiedCharities[charity];

}

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-isVerified-return-registered-charities

Likelyhood: High, the function returns registered charities instead of verified ones. Impact: High, Any charities can be registered by anyone and will be declared as verified by this function bypassing verification.

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.