Missing Mandatory Gender Field in Profile NFT in SoulboundProfileNFT contract.
Finding Description and Impact
The SoulboundProfileNFT contract lacks a mandatory gender field in the mintProfile function when creating a profile. For a dating app, this is a critical oversight because:
Prevents effective matchmaking based on user preferences
Makes filtering and recommendations impossible
Reduces the utility of the profile NFT for dating purposes
Impact:
Cannot implement preference-based matching
Reduces platform usability for dating purposes
Makes it harder to build meaningful connections
Inefficient user discovery process
Lines of Code
https://github.com/CodeHawks-Contests/2025-02-datingdapp/blob/878bd34ef6607afe01f280cd5aedf3184fc4ca7b/src/SoulboundProfileNFT.sol#L30
Recommended Mitigation Steps
Gender field role should be make compulsory
These changes provide several benefits:
Enables effective matchmaking algorithms
Respects user preferences and orientations
Improves user experience with better matches
Tools Used
Manual Review
Appeal created
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.