GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: high
Valid

Incorrect logic in CharityRegistry::isVerified() function resulting in unreliable verification status for charities

Summary

The isVerified() function in the CharityRegistry contract is intended to check if a charity is verified, but it currently returns the status of the charity's registration instead, which does not accurately represent the verification status.

Vulnerability Details

The isVerified() function is supposed to check if a given charity has been verified by the contract's admin. However, the function's implementation returns the value from the registeredCharities mapping, which only indicates whether the charity has been registered, not whether it has been verified.

This means that the isVerified() function does not actually check the verification status of the charity, and instead, it simply returns the registration status. This inconsistency between the function's name and its behavior could lead to confusion and potential misuse of the contract's functionality.
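
The mismatch described above, as an added example that is not part of the original submission or the GivingThanks code base. Only `registeredCharities`, `verifiedCharities` and `isVerified()` come from the finding; the contract names, `registerCharity`, `verifyCharity`, the open registration and the admin-only verification are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed model: only the two mappings and the isVerified() logic come
// from the finding; every other name and rule here is an assumption.
contract RegistryModel {
    address public admin = msg.sender;
    mapping(address => bool) public registeredCharities;
    mapping(address => bool) public verifiedCharities;

    // Assumed: registration is open to any caller.
    function registerCharity(address charity) external {
        registeredCharities[charity] = true;
    }

    // Assumed: only the admin can verify, and only a registered charity.
    function verifyCharity(address charity) external {
        require(msg.sender == admin, "not admin");
        require(registeredCharities[charity], "not registered");
        verifiedCharities[charity] = true;
    }

    // Logic as reported in the finding: answers with the registration flag.
    function isVerifiedAsReported(address charity) external view returns (bool) {
        return registeredCharities[charity];
    }

    // Logic after the recommended change: answers with the verification flag.
    function isVerifiedFixed(address charity) external view returns (bool) {
        return verifiedCharities[charity];
    }
}

// Self-check: deploys the model (so this contract is admin) and compares both views.
contract RegistryModelCheck {
    function run() external returns (bool) {
        RegistryModel r = new RegistryModel();
        address charity = address(0xC0FFEE); // constructed address

        r.registerCharity(charity);
        // Registered but never verified: the two views must disagree here.
        require(r.isVerifiedAsReported(charity), "reported logic returns true");
        require(!r.isVerifiedFixed(charity), "fixed logic must return false");

        r.verifyCharity(charity);
        require(r.isVerifiedFixed(charity), "verified charity must pass");
        return true;
    }
}
```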

Impact

The incorrect implementation of the isVerified() function can lead to users, donors, and other stakeholders receiving inaccurate information about the verification status of charities, potentially causing issues with trust and confidence in the CharityRegistry. Additionally, if other parts of the contract or external systems rely on the output of the isVerified() function, they may make decisions or take actions based on this inaccurate information, resulting in unintended consequences.

Tools Used

  • Manual Code Review

Recommendations

Update the isVerified() function to return the value from the verifiedCharities mapping instead of registeredCharities, like this:

function isVerified(address charity) public view returns (bool) {
+ return verifiedCharities[charity];
- return registeredCharities[charity];
}
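
Review bot: the swap to `return verifiedCharities[charity];` in isVerified() comes without a test. Add one asserting that an address set only in registeredCharities returns false and that an address set in verifiedCharities returns true, so the two mappings cannot be confused again. The hunk also lists the added line before the removed one; conventional diff order is `-` then `+`.
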
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-isVerified-return-registered-charities

Likelihood: High, the function returns registered charities instead of verified ones. Impact: High, any charity can be registered by anyone and will be declared as verified by this function, bypassing verification.
