First Flight #9: Soulmate

First Flight #9

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

AirDrop.sol - Divorced Couples can still collect LoveTokens

kryptonomousB

Summary

Couples that are divorced can Still Claim LoveTokens.

Vulnerability Details

Divorced couples can continue to receive airdrop tokens even though they are divorced and does not work as intented. The line, if(soulmateContract.isDivorced()) revert Airdrop_CouplesDivorced() will always return false because the function isDivorced() on the Soulmate.sol contract returns divorced[msg.sender]. since the airdrop is the one calling the function, it will check if the airdrop contract is divorced - False.

/========= AIRDROP.sol ===========//

function claim() public {

// No LoveToken for people who don't love their soulmates anymore.

//@audit-issue need to add address

if (soulmateContract.isDivorced()) revert Airdrop__CoupleIsDivorced();

Impact

soulmates can still continue to receive airdrops continuing to receive token benefits even though it is not allowed.

Tools Used

Hardhat
✔ Divorced Couple STILL receives Love Airdrop Test (107ms)

Recommendations

Revise the isDivorced() on the soulmate contract to receive an address instead of msg.sender, then let it check the input address.

//===== Soulmate.sol ======///

function isDivorced(address soulmate) public view returns (bool) {

return divorced[soulmate];

}

also update the airdrop.sol contract to send the caller of the claim() 'msg.sender'

// ===== Airdrop.sol =======///

function claim() public {

// No LoveToken for people who don't love their soulmates anymore.

//@audit-issue need to add address

if (soulmateContract.isDivorced(msg.sender)) revert Airdrop__CoupleIsDivorced();

also update the ISoulmate.sol interface

function isDivorced(address soulmate) external view returns (bool);

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-isDivorced-wrong-check

Rewards breakdown

nSLOC

233

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.