Submission Details
Severity:
Even without a soulmate, one can still call Soulmate.sol::getDivorced() to divorce
Summary
Even without a soulmate, one can still call Soulmate.sol::getDivorced() to divorce.
Vulnerability Details
Add this test to SoulmateTest.t.sol and run forge test --match-test test_WithoutSoulmateDivorced -vvvv the issue.
function test_WithoutSoulmateDivorced() public {
vm.startPrank(soulmate1);
soulmateContract.mintSoulmateToken();
soulmateContract.getDivorced();
vm.stopPrank();
vm.prank(soulmate1);
assertTrue(soulmateContract.isDivorced());
vm.prank(address(0));
assertTrue(soulmateContract.isDivorced());
}
Impact
Even without a soulmate, divorce is possible, and address(0) will also be recorded as divorced.
Tools Used
manual review
Recommendations
Add an error at line 16 in Soulmate.sol
error Soulmate__alreadyHaveASoulmate(address soulmate);
error Soulmate__SoulboundTokenCannotBeTransfered();
+ error Soulmate__NotHaveASoulmate();
Add a conditional check in the getDivorced function to revert if there is no Soulmate call
function getDivorced() public {
+ if (soulmateOf[msg.sender] == address(0)) revert Soulmate__NotHaveASoulmate();
address soulmate2 = soulmateOf[msg.sender];
divorced[msg.sender] = true;
divorced[soulmateOf[msg.sender]] = true;
emit CoupleHasDivorced(msg.sender, soulmate2);
}
Rewards breakdown
nSLOC
233This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.