Summary

Precision loss in Airdrop leads to reduced number of days spent as a couple and this rewards the soulmates with lesser amount of love tokens than intended by the protocol.

Vulnerability Details

In Airdrop::claim() function division is performed on the result of subtraction that can potentially lead to precision loss in Solidity. Whenever there's division and decimals involved in Solidity it truncates the fractional part and rounds it down leading to rounding errors.

a simple example would be 0.9 being rounded off to 0, but 0.9 would normally be rounded off to 1.

Here numberOfDaysInCouple is being calculated by performing division on the result of subtraction.

Impact

This would lead to the fractional part of the days spent together to be cut off the calculation leading to a loss of LoveToken for both the soulmates that share an NFT.

Proof Of Concept

Consider today's date to be block.timestamp = 17_895_454 seconds

And suppose soulmate1 and soulmate2 met on CreationTimeStamp = 12_459_686 seconds

The days they spent together would be diff = 5_435_768 seconds

daysInSecond = 3600*24

diff/daysInSecond = 5_435_879/86400

result = 62.91 days

Now here 0.91 would be cut off and both the soulmates would each lose a LoveToken . This could happen a lot and the soulmates wouldve missed out on a lot of LoveTokens they wouldve gotten if it wasnt for precision loss.

Tools Used

Manual Review

Recommendations

1. Using libraries that support higher precision arithmetic, such as fixed-point arithmetic libraries.

2. Converting your values to fixed point representations before doing the arithmetic operations.