DatingDapp

Summary

When two users match, their pooled ETH is locked in a multi-signature wallet that requires both parties to approve transactions. However, if the couple breaks up or if one user loses access to their wallet (e.g., lost private keys, compromised wallet, or simply refusing to cooperate), the funds become permanently locked with no recovery mechanism.

Vulnerability Details

• The contract does not provide a way for users to withdraw their share of the funds in case of a breakup or unresponsiveness.

• If one user loses their wallet or refuses to sign transactions, the funds remain permanently inaccessible.

• There is no timeout or escape mechanism to allow one party to retrieve their portion of the locked funds after a certain period.

Impact

• Permanent fund loss: Users who no longer have an active partner could lose all their pooled ETH.

• Unfair financial exposure: One party may want to withdraw, but the other could block them indefinitely.

• Legal/Trust Issues: Without an exit strategy, users could feel trapped, making the system impractical for real-world dating.

This issue is critical as it can lead to irreversible financial loss and makes the platform risky for users.

Tools Used

Manuel Review

Recommendations

• Implement a breakup function that allows one user to withdraw their share of funds if the other is unresponsive for a certain period.

• Introduce a time-based recovery mechanism where a user can claim their half after a grace period (e.g., 30 days) without the other’s approval.

• Consider allowing an arbitrator (such as an admin) to intervene in case of disputes.