Message can be over written when written at the same time
Summary
The Soulmate contracts allow paired soulmates to send messages to each other leveraging a mapping data structure. However, this mapping can only store one message at a time. If both users send messages in close succession, there is a risk of message overwrite and data loss.
Vulnerability Details
The messaging system in Soulmate uses a mapping like:
This can only record one message string per nextID at any time.
If User A sends a message, then User B quickly sends a message afterwards, User B's message will overwrite User A's in this structure. The original message from User A is permanently lost.
Impact
The messaging system overwriting has the following consequences:
Soulmate users can lose message data
Conversation history integrity degrades for users
Overwriting prevents context and ruins user experience
This fails to meet user messaging expectations.
Tools Used
Manual Review
Recommendations
To support persistent conversational history without message loss:
Change data structure to store an array of messages per soulmate pairing, appending new messages chronologically
Build logic to handle concurrent writes to this structure safely
Look into event streams for off-chain message persistence
This would enable reliable messaging without fear of data loss.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.