The contract includes functionality for registering and verifying charity addresses but lacks a mechanism to remove or revoke the verification status of a charity. This can lead to situations where a previously verified charity that should no longer be trusted remains verified indefinitely.
If a verified charity's status changes (e.g., it becomes non-compliant or fraudulent), the contract admin has no way to update or revoke its verification. This could mislead users who rely on the `isVerified()` function for validation.
Manual review
Implement a function that allows the admin to remove the verification status of a charity. This function should include proper access control and event emission.
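A minimal sketch of the recommended revocation path, written here as an added example and not taken from the audited contract. Apart from `isVerified()`, every name (contract, storage variables, events, errors, `revokeVerification`) is an assumption made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative registry. All identifiers except isVerified() are assumed,
// not the audited project's own names.
contract CharityRegistryExample {
    address public admin;
    mapping(address => bool) private registered;
    mapping(address => bool) private verified;

    event CharityRegistered(address indexed charity);
    event CharityVerified(address indexed charity);
    event VerificationRevoked(address indexed charity);

    error NotAdmin();
    error NotRegistered();
    error NotVerified();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    function registerCharity(address charity) external {
        registered[charity] = true;
        emit CharityRegistered(charity);
    }

    function verifyCharity(address charity) external onlyAdmin {
        if (!registered[charity]) revert NotRegistered();
        verified[charity] = true;
        emit CharityVerified(charity);
    }

    // Revocation path: admin-only, rejects no-op calls, and emits an event
    // so off-chain consumers can react to the status change.
    function revokeVerification(address charity) external onlyAdmin {
        if (!verified[charity]) revert NotVerified();
        verified[charity] = false;
        emit VerificationRevoked(charity);
    }

    function isVerified(address charity) external view returns (bool) {
        return verified[charity];
    }
}
```

Reverting when the charity is not currently verified keeps the event log free of misleading `VerificationRevoked` entries, which matters for anyone indexing events instead of calling `isVerified()`.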
Likelihood: Low/Medium, charities can process an upgrade including a new unverified codebase. Impact: High, a charity can upgrade with a bad function and bypass the verification process.