The 'getDivorced()' function in the smart contract lacks the deletion of the soulmate's address mapping, creating a vulnerability where one party can unilaterally force a divorce without the other's consent. This can result in both parties being unable to find another soulmate, effectively locking them out of the relationship management system.
The vulnerability arises from the failure to remove the mapping of the soulmate's address when a divorce is initiated. This flaw allows for an attack scenario where one party intentionally divorces the other, forcing them into divorce without consent. As a result, both parties' addresses remain mapped as divorced, preventing them from finding new soulmates.
It effectively denies both parties the ability to find new soulmates within the system.
Manual
It is recommended that the 'getDivorced()' function should include the deletion of the soulmate's address mapping when a divorce is initiated. This ensures that both parties' addresses are correctly updated and allows them to participate in the system again.
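A simplified model of the flaw and of the recommended fix, added here as an example; it is not the audited contract's code. Only `getDivorced()` is named in the finding: `soulmateOf`, `divorced`, `waiting`, `findSoulmate()` and `getDivorcedWithoutCleanup()` are assumed names, and the rule that an address with a mapped soulmate cannot pair again is an assumption taken from the described impact.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration; not the audited contract.
// Every name except getDivorced() is an assumption.
contract SoulmateModel {
    mapping(address => address) public soulmateOf; // assumed pairing mapping
    mapping(address => bool) public divorced;      // assumed divorce flag
    address private waiting;                       // assumed pending partner

    event Divorced(address indexed caller, address indexed partner);

    // Assumed rule: an address with a mapped soulmate cannot pair again.
    function findSoulmate() external {
        require(soulmateOf[msg.sender] == address(0), "already paired");
        require(msg.sender != waiting, "already waiting");
        if (waiting == address(0)) {
            waiting = msg.sender;
            return;
        }
        address partner = waiting;
        waiting = address(0);
        soulmateOf[msg.sender] = partner;
        soulmateOf[partner] = msg.sender;
        divorced[msg.sender] = false;
        divorced[partner] = false;
    }

    // Behaviour the finding describes: flags are set, mappings are kept.
    // One caller is enough, and findSoulmate() then reverts for both
    // addresses because soulmateOf is still non-zero.
    function getDivorcedWithoutCleanup() external {
        address partner = soulmateOf[msg.sender];
        require(partner != address(0), "no soulmate");
        divorced[msg.sender] = true;
        divorced[partner] = true;
    }

    // Recommended form: clear both sides of the mapping on divorce.
    function getDivorced() external {
        address partner = soulmateOf[msg.sender];
        require(partner != address(0), "no soulmate");
        delete soulmateOf[msg.sender];
        delete soulmateOf[partner];
        divorced[msg.sender] = true;
        divorced[partner] = true;
        emit Divorced(msg.sender, partner);
    }
}
```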