First Flight #9: Soulmate
First Flight #9
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

**Double Call in `Soulmate::mintSoulmateToken`, an user can be his own soulmate breaking the goal of the project**

i3arba

  • Description:

    • A user can double call the Soulmate::mintSoulmateToken and be his own soulmate. This way, the protocol's purpose is violated.

    • Love yourself is the greatest form of love, however, in this scenario is a rule violation too.

  • Impact:

    • The project goal, to unite two "unknown soulmates" is violated.

  • Proof of Code:

    • User1 Call Soulmate::mintSoulmateToken once

    • User1 call Soulmate::mintSoulmateToken again

    • User1 mint the token alone, without a soulmate

      Add the code below in `SoulmateTest.t.sol`
      function test_MintNewTokenCalledTwoTimesInARow() public {
      uint tokenIdMinted = 0;
      vm.prank(soulmate1);
      soulmateContract.mintSoulmateToken();
      assertTrue(soulmateContract.totalSupply() == 0);
      vm.prank(soulmate1);
      soulmateContract.mintSoulmateToken();
      assertTrue(soulmateContract.totalSupply() == 1);
      assertTrue(soulmateContract.soulmateOf(soulmate1) == soulmate1);
      assertTrue(soulmateContract.soulmateOf(soulmate1) == soulmate1);
      assertTrue(soulmateContract.ownerToId(soulmate1) == tokenIdMinted);
      }

  • Recommendation:

    Add the code below in `SoulmateTest.t.sol`
    function mintSoulmateToken() public returns (uint256) {
    + if(idToOwners[ownerToId[msg.sender]][0] == msg.sender || idToOwners[ownerToId[msg.sender]][1] == msg.sender) revert Soulmate__alreadyIntheSoulmateList();
    // Check if people already have a soulmate, which means already have a token
    address soulmate = soulmateOf[msg.sender];
    if (soulmate != address(0))
    revert Soulmate__alreadyHaveASoulmate(soulmate);
    address soulmate1 = idToOwners[nextID][0];
    address soulmate2 = idToOwners[nextID][1];
    if (soulmate1 == address(0)) {
    idToOwners[nextID][0] = msg.sender;
    ownerToId[msg.sender] = nextID;
    emit SoulmateIsWaiting(msg.sender);
    } else if (soulmate2 == address(0)) {
    idToOwners[nextID][1] = msg.sender;
    // Once 2 soulmates are reunited, the token is minted
    ownerToId[msg.sender] = nextID;
    soulmateOf[msg.sender] = soulmate1;
    soulmateOf[soulmate1] = msg.sender;
    idToCreationTimestamp[nextID] = block.timestamp;
    emit SoulmateAreReunited(soulmate1, soulmate2, nextID);
    _mint(msg.sender, nextID++);
    }
    return ownerToId[msg.sender];
    }
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-self-soulmate

- Given the native anonymous nature of blockchain in general, this issue cannot be avoided unless an explicit whitelist is implemented. Even then we can only confirm soulmates are distinct individuals via kyc. I believe finding a soulmate is intended to be permisionless. - However, even though sufficient (500_000_000e18 in each vault) tokens are minted to claim staking and airdrop rewards, it would take 500_000_000 / 2 combined weeks for airdrop vault to be drained which is not unreasonable given there are [80+ million existing wallets](https://coinweb.com/trends/how-many-crypto-wallets-are-there/). Given there is no option to mint new love tokens, this would actually ruin the functionality of the protocol of finding soulmates and shift the focus to abusing a sybil attack to farming airdrops instead. Assigning medium severity for now but am open for appeals otherwise, since most if not all issues lack indepth analysis of the issue.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.