First Flight #9: Soulmate
First Flight #9
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Not Resetting soulmateOf Mapping After Divorce

yourguyd3v

High

[H-1] Soulmate::getDivorced Not Resetting soulmateOf Mapping After Divorce

Description: In the Soulmate::getDivorced() function of the Soulmate contract, the Soulmate::soulmateOf mapping is not reset after a couple gets divorced. This means that even after divorce, the mapping still retains the soulmate relationship between the two parties, potentially leading to incorrect behavior or inconsistencies in the application logic.

Impact: The failure to reset the soulmateOf mapping after divorce could lead to unexpected behavior when querying the soulmate relationship between users. This inconsistency could cause confusion or errors in the application logic and could potentially allow users to exploit the system by falsely claiming soulmate relationships.

Proof of Concept:

Suppose soulmate1 and soulmate2 are soulmates and are represented by their addresses.

  1. soulmate1 and soulmate2 get married, and their soulmate relationship is recorded.

  2. soulmate1 and soulmate2 decide to divorce by calling the getDivorced() function.

  3. The soulmateOf mapping is not reset, so both soulmate1 and soulmate2 still have each other as soulmates.

  4. However, they are now divorced, which leads to inconsistencies in the application logic.

Past this code in SoulmateTest.t.sol:

PoC
function testGetDivorcedNotResetingsoulmateOf() public {
assert(soulmateContract.soulmateOf(address(soulmate1)) != address(soulmate2));
vm.prank(soulmate1);
soulmateContract.mintSoulmateToken();
vm.prank(soulmate2);
soulmateContract.mintSoulmateToken();
assertTrue(soulmateContract.soulmateOf(address(soulmate1)) == address(soulmate2));
vm.startPrank(soulmate1);
soulmateContract.getDivorced();
assertEq(soulmateContract.isDivorced(), true);
vm.stopPrank();
assertTrue(soulmateContract.soulmateOf(address(soulmate1)) == address(soulmate2));
}

Recommended Mitigation:

In the getDivorced() function, ensure that the soulmateOf mapping is reset for both parties involved in the divorce. This ensures that after divorce, the soulmate relationship is cleared, and the application maintains consistency in its state.

function getDivorced() public {
address soulmate2 = soulmateOf[msg.sender];
divorced[msg.sender] = true;
divorced[soulmateOf[msg.sender]] = true;
// Reset the soulmate relationship for both parties
+ delete soulmateOf[msg.sender];
+ delete soulmateOf[soulmate2];
// Emit the event indicating the divorce
emit CoupleHasDivorced(msg.sender, soulmate2);
}
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.