First Flight #9: Soulmate
First Flight #9
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Any user can get divorced without having a soulmate

ceseshi

Summary

Any user can get divorced without having a soulmate, which should not be possible.

Vulnerability Details

The getDivorced() function in Soulmate.sol does not check if the user has a soulmate, so he will be marked as divorced even if he does not have a soulmate.

Also, the function should check if the user is already divorced, to avoid marking the couple as divorced again.

This test calls getDivorced() without having a soulmate.

function testGetDivorcedWithoutSoulmate() public {
address alice = makeAddr("alice");
vm.prank(alice);
soulmateContract.getDivorced();
bool isDivorced = soulmateContract.isDivorced(alice);
assertTrue(isDivorced);
}

The test passes, confirming that the user can get divorced without having a soulmate.

Running 1 test for test/unit/AuditTest1.t.sol:AuditTest1
[PASS] testGetDivorcedWithoutSoulmate() (gas: 59162)
Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.93ms

Impact

Users may make mistakes and get divorced before they even have a soulmate, or when they are already divorced.

Tools Used

Foundry, Manual review

Recommendations

Add soulmate checks in Soulmate:getDivorced()

+error Soulmate__alreadyDivorced();
function getDivorced() public {
address soulmate2 = soulmateOf[msg.sender];
+ if(soulmate2 == address(0)) revert Soulmate__noSoulmate();
+ if(divorced[msg.sender]) revert Soulmate__alreadyDivorced();
divorced[msg.sender] = true;
divorced[soulmateOf[msg.sender]] = true;
emit CoupleHasDivorced(msg.sender, soulmate2);
}
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.