Summary

The isVerified function in the CharityRegistry contract contains incorrect logic that may cause unverified charities to be incorrectly identified as verified. This function currently checks if a charity is registered, not if it is verified, which could allow unverified charities to appear eligible to receive donations.

Vulnerability Details

The isVerified function in the CharityRegistry contract is intended to check if a charity has been verified by the admin. However, it currently checks the registeredCharities mapping instead of the verifiedCharities mapping:

This logic error means that any registered charity will be considered "verified," even if the admin has not verified it. This could allow unverified charities to be mistakenly recognized as eligible to receive donations, bypassing the verification process.

Impact

Allowing unverified charities to appear verified undermines the donation process by making funds accessible to unapproved entities. This could lead to potential misuse of funds, as unverified charities might receive donations they were not meant to access.

Tools Used

Manual review.

Recommendations

Modify the isVerified function to check the verifiedCharities mapping instead of registeredCharities, ensuring only charities marked as verified by the admin are eligible for donations.

Suggested Fix:

This change ensures that only charities marked as verified by the admin can be considered eligible for donations, maintaining the integrity of the verification process and the security of donor funds.