The LikeRegistry::likeUser function requires users to send at least 1 ETH to like another profile but does not refund any excess ETH sent. This results in users losing any ETH sent beyond the required 1 ETH, creating a poor user experience and potential financial losses.
Root Cause:
The likeUser function checks that users send at least 1 ETH using require(msg.value >= 1 ether, "Must send at least 1 ETH"), but it does not handle cases where users send more than 1 ETH. The excess ETH remains in the contract and is not refunded to the user.
Example Scenario:
User A intends to like User B's profile and sends 1.5 ETH to the likeUser function.
The function accepts the transaction because the sent amount (1.5 ETH) is greater than the required 1 ETH.
However, the excess 0.5 ETH is not refunded to User A and remains locked in the contract.
User Losses: Users who accidentally send more than 1 ETH lose the excess amount permanently.
Poor User Experience: Users may feel frustrated or distrustful of the protocol due to the lack of safeguards against overpayment.
Reputation Risk: The protocol’s reputation may suffer if users perceive it as unfair or poorly designed.
You can either:
Implement a mechanism in the likeUser function to refund excess ETH sent by users: calculate the excess amount (msg.value minus 1 ether) and send it back to the caller.
Or revert when a user sends more than 1 ETH, by requiring msg.value to equal 1 ether exactly.
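Both mitigations, written out as an added example that is not the project's code. The real LikeRegistry contract is not reproduced on this page, so the storage (a likes mapping), the events and the contract name LikeRegistryFixed are assumptions; only the 1 ether minimum and the require message come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal reconstruction for illustration only. The actual
// LikeRegistry storage layout and the rest of likeUser are not on the page.
contract LikeRegistryFixed {
    uint256 public constant LIKE_FEE = 1 ether;

    // Assumed state: who has liked whom.
    mapping(address => mapping(address => bool)) public likes;

    event Liked(address indexed from, address indexed to);
    event Refunded(address indexed to, uint256 amount);

    // Option 1: accept overpayment and refund the excess.
    function likeUser(address liked) external payable {
        require(msg.value >= LIKE_FEE, "Must send at least 1 ETH");

        // Checks-Effects-Interactions: record the like before any external
        // call, so a re-entering refund recipient sees finished state.
        likes[msg.sender][liked] = true;
        emit Liked(msg.sender, liked);

        // Solidity >=0.8 reverts on underflow, but the require above already
        // guarantees msg.value >= LIKE_FEE so this cannot underflow.
        uint256 excess = msg.value - LIKE_FEE;
        if (excess > 0) {
            // Use call rather than transfer so recipients with non-trivial
            // receive() logic are not cut off by the 2300 gas stipend.
            (bool ok, ) = payable(msg.sender).call{value: excess}("");
            require(ok, "Refund failed");
            emit Refunded(msg.sender, excess);
        }
    }

    // Option 2: reject overpayment outright. No external call, no refund path.
    function likeUserStrict(address liked) external payable {
        require(msg.value == LIKE_FEE, "Must send exactly 1 ETH");
        likes[msg.sender][liked] = true;
        emit Liked(msg.sender, liked);
    }
}
```

The refund variant introduces an external call to msg.sender, which is why the state update precedes it; if the real likeUser does more work after the like is recorded (fee accounting, matching logic), either finish that work before the refund or add a reentrancy guard. The strict variant avoids the external call entirely and is the simpler fix when there is no reason to accept more than the fee.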
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on mainnet without any supposition (if, it could, etc.) to prove your point.