`Soulmate1` can block `soulmate2` to claim their reward
Summary
Users can exploit the 'getDivorced()' function to prevent their soulmate from claiming rewards. This vulnerability arises from the fact that invoking 'getDivorced()' sets a flag indicating divorce, which subsequently prevents the soulmate from claiming rewards, even if they are entitled to them.
Vulnerability Details
The 'getDivorced()' function, which sets the 'divorced' flag for both parties involved in the relationship. Once this flag is set, it prevents either party from claiming rewards from the contract, regardless of their entitlement. This allows one party to intentionally prevent the other party from receiving rewards by invoking the 'getDivorced()' function.
Impact
soulmate1 who exploit this vulnerability can unfairly deny rewards to their partner, potentially leading to the loss of soulmate2
Tools Used
manual
Recommendations
It is recommended tjat the 'getDivorced()' function should be modified to ensure that it does not interfere with the reward claiming process. One approach could be to separate the divorce functionality from the reward system, allowing soulmates to claim rewards independently of their relationship status.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.