Submission Details
Severity: medium
Invalid

Soulmate.sol - writeMessage / ReadMessage overwrite before view.

Summary

When soulmateA leaves a message, the message can be overwritten by a new message from either soulmateA or soulmateB. There is no assurance that the message was viewed or who the message was from. Also, the formatting is odd with the niceWords at the end, i.e.:

====================================
DEFAULT MESSAGE APPEARS AS: , darling <-- no message set
soulmate1 sets message "Message 1a"
soulmate1 views MSG: "Message 1a, my dear"
**soulmate2 does not check message**
soulmate2 sets a message "Message 1b"
soulmate1 Checks MSG: "Message 1b, honey"
soulmate2 Checks MSG: "Message 1b, honey"
====================================

Vulnerability Details

Messages will be missed or overwritten and possibly cause a divorce.

Impact

Confusion in messaging or missed messages or sad times.

Tools Used

HardHat

Recommendations

Add a new uint256 sharedSpaceId and a new mapping, mapping(address owner => uint256 id) public sharedSpaceToId, to keep the address to ID. Then in writeMessageInSharedSpace() leave the message in sharedSpace[sharedSpaceId] instead. Also update readMessageInSharedSpace() to load sharedSpaceToId[msg.sender]. This will ensure that the messages being read are from the other soulmate and that a write will not overwrite the other's message, only your own.

```solidity
mapping(address owner => uint256 id) public sharedSpaceToId; ///<---add
uint256 public sharedSpaceId; ///<---add

////======== in mintSoulmateTokenFunction() =======//
// [previous code]
if (soulmate != address(0)) {
    revert Soulmate__alreadyHaveASoulmate(soulmate);
}
address soulmate1 = idToOwners[nextID][0];
address soulmate2 = idToOwners[nextID][1];
if (soulmate1 == address(0)) {
    idToOwners[nextID][0] = msg.sender;
    ownerToId[msg.sender] = nextID;
    sharedSpaceToId[msg.sender] = sharedSpaceId; //<--- store sharedSpaceToId
    sharedSpaceId++; //<--- increment sharedSpaceId
    emit SoulmateIsWaiting(msg.sender);
} else if (soulmate2 == address(0)) {
    idToOwners[nextID][1] = msg.sender;
    // Once 2 soulmates are reunited, the token is minted
    ownerToId[msg.sender] = nextID;
    sharedSpaceToId[msg.sender] = sharedSpaceId; //<--- store sharedSpaceToId
    sharedSpaceId++; //<--- increment sharedSpaceId
    soulmateOf[msg.sender] = soulmate1;
    soulmateOf[soulmate1] = msg.sender;
    idToCreationTimestamp[nextID] = block.timestamp;
    emit SoulmateAreReunited(soulmate1, soulmate2, nextID);
    _mint(msg.sender, nextID++);
}

//// ======= function writeMessageInSharedSpace() =======///
function writeMessageInSharedSpace(string calldata message) external {
    uint256 id = ownerToId[msg.sender];
    address soulmate = soulmateOf[msg.sender];
    // Write into the slot that belongs to the other soulmate
    uint256 _sharedSpaceId = sharedSpaceToId[soulmate];
    sharedSpace[_sharedSpaceId] = message;
    emit MessageWrittenInSharedSpace(id, message);
}

//// ======= readMessageInSharedSpace() =========//
function readMessageInSharedSpace() external view returns (string memory) {
    // Add a little touch of romantism
    return string.concat(sharedSpace[sharedSpaceToId[msg.sender]], ", ", niceWords[block.timestamp % niceWords.length]); //<--updated
    // return string.concat(sharedSpace[ownerToId[msg.sender]], ", ", niceWords[block.timestamp % niceWords.length]);
}
```
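
The two storage layouts discussed in this submission, reduced to a minimal model (an added example, not code from the Soulmate contract or from the submitter). `Pairing`, `pair()`, `SharedSlot` and `Inboxes` are hypothetical names; the per-recipient slot is keyed directly by address instead of through `sharedSpaceToId`, and writers that have no soulmate yet are rejected.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the pairing done at mint time (assumption, simplified).
abstract contract Pairing {
    mapping(address => address) public soulmateOf;
    mapping(address => uint256) public pairId;
    uint256 internal nextPairId = 1;

    error NotPaired();

    function pair(address other) external {
        require(other != address(0) && other != msg.sender, "bad partner");
        require(soulmateOf[msg.sender] == address(0), "caller already paired");
        require(soulmateOf[other] == address(0), "partner already paired");
        soulmateOf[msg.sender] = other;
        soulmateOf[other] = msg.sender;
        pairId[msg.sender] = nextPairId;
        pairId[other] = nextPairId;
        nextPairId++;
    }
}

// Layout described in the summary: one string per couple, so the last write
// from either partner replaces whatever was there, read or unread.
contract SharedSlot is Pairing {
    mapping(uint256 => string) private sharedSpace;

    function write(string calldata message) external {
        if (soulmateOf[msg.sender] == address(0)) revert NotPaired();
        sharedSpace[pairId[msg.sender]] = message;
    }

    function read() external view returns (string memory) {
        return sharedSpace[pairId[msg.sender]];
    }
}

// Layout from the recommendation: one slot per recipient.
contract Inboxes is Pairing {
    mapping(address => string) private inbox;

    function write(string calldata message) external {
        address to = soulmateOf[msg.sender];
        if (to == address(0)) revert NotPaired(); // no recipient slot to write to yet
        inbox[to] = message; // replaces only the caller's own earlier message
    }

    function read() external view returns (string memory) {
        return inbox[msg.sender]; // always written by the other partner
    }
}
```

With `Inboxes`, a partner's `write` never touches the message waiting in their own inbox, so the sequence in the summary leaves "Message 1b" for soulmate1 while soulmate2's inbox stays empty.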
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
kryptonomousB Submitter
over 1 year ago
