First Flight #9: Soulmate
First Flight #9
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

`Soulmate::getDivorced` function is not resetting the state changes, restricting a soulmate from finding a new one, which disrupts the protocol's main functionality.

dimah7

Summary

If a lover matches with another one, then decides to call Soulmate::getDivorced function. He will still not able to mint himself a new Soulmate NFT and search for another soulmate, due to the fact that getDivorced function is not resetting any state changes made. This is crutial, because it makes the protocol totally unusable for users who already have participated and searching for new match.

Vulnerability Details

Add the following in the SoulmateTest.t.sol file:

function testCantSearchForNewSoulmate() public {
_mintOneTokenForBothSoulmates();
vm.startPrank(soulmate1);
soulmateContract.getDivorced();
assert(soulmateContract.isDivorced());
vm.expectRevert(abi.encodeWithSelector(Soulmate.Soulmate__alreadyHaveASoulmate.selector, soulmate2));
soulmateContract.mintSoulmateToken();
vm.stopPrank();
}

Impact

High: Makes the protocol's main functionality unusable for old users.

Tools Used

Manual Review, Foundry

Recommendations

Consider resetting the Soulmate::ownerToId mapping for both soulmates:

function getDivorced() public {
address soulmate2 = soulmateOf[msg.sender];
divorced[msg.sender] = true;
divorced[soulmateOf[msg.sender]] = true;
+ address soulmateTwo = soulmateOf[msg.sender];
+ soulmateOf[msg.sender] = address(0);
+ soulmateOf[soulmateTwo] = address(0);
emit CoupleHasDivorced(msg.sender, soulmate2);
}
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.