DatingDapp

First Flight #33

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Lack of Input Validation in matchRewards, Leading to Potential Zero-Value Transfers

kvltbyte

Summary

The matchRewards function does not validate that userBalances[from] and userBalances[to] are greater than zero before performing calculations and transfers. This could result in deploying a multisig wallet and sending zero ETH, wasting gas and creating unnecessary state changes.

Vulnerability Details

Root Cause:
The matchRewards function assumes that userBalances[from] and userBalances[to] are greater than zero. However, if either balance is zero, the function will still deploy a multisig wallet and attempt to send zero ETH, which is inefficient and unnecessary.
Example Scenario:

User A and User B mutually like each other, but one or both of their balances are zero.
The matchRewards function is called, deploying a multisig wallet and attempting to send zero ETH.
Gas is wasted on unnecessary operations, and the multisig wallet is created without any funds.

mpact

Gas Waste: Unnecessary gas is spent on deploying multisig wallets and performing zero-value transfers.

Recommendation

Add checks to ensure that both users have a positive balance before proceeding with the match rewards logic.

function matchRewards(address from, address to) internal {

+ require(userBalances[from] > 0, "From user has no balance");

+ require(userBalances[to] > 0, "To user has no balance");

}

Updates

Appeal created

n0kto Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Rewards breakdown

nSLOC

197

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.