DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

H-02. Incorrect rewards distribution

Summary

In LikeRegistry.sol, matchRewards() computes the reward for a match from the wrong base. Instead of summing the ETH that each of the two matched users attached to liking the other, it sums the users' total recorded balances (userBalances), which include ETH sent to like anyone else. The payout for a match can therefore be larger or smaller than the ETH actually staked on that match.

Vulnerability Details

The matchRewards() function calculates rewards as userBalances[from] + userBalances[to]. However:

  • userBalances holds all ETH a user has sent for likes, not just the ETH attached to this specific match.

  • This can lead to:

    • Over-rewarding: ETH a user sent to like other users is pulled into the reward for this match.

    • Under-rewarding: if earlier matches have already depleted a user's balance before this match is processed, this match pays out less than the ETH the two users attached to liking each other.

Example Scenario

  1. User A sends 2 ETH to like User B and 1 ETH to like User C. User B sends 1 ETH to like User A.

  2. When A and B match, matchRewards() uses the entire balance of User A (3 ETH) and User B (1 ETH), so the match pays out 4 ETH instead of the 3 ETH (2 ETH + 1 ETH) that the two users actually attached to liking each other. The 1 ETH A staked on liking C is consumed by a match it has nothing to do with, so a later match between A and C would be under-rewarded.

Impact

  • Rewards may not accurately reflect the ETH transferred for the specific match.

  • Users could receive rewards that are either higher or lower than expected.

  • Potential disputes or loss of trust from users due to incorrect reward distribution.

Tools Used

  • Manual code review

  • Test scenario design to analyze edge cases

Recommendations

  1. Track the ETH attached to each individual "like" instead of (or alongside) the per-user total. Add a mapping keyed by liker and liked:

    mapping(address => mapping(address => uint256)) public likeAmounts;

  2. In likeUser(), record the ETH sent for this specific "like":

    likeAmounts[msg.sender][liked] = msg.value;

    Plain assignment is only safe if likeUser() already rejects a second like of the same user; otherwise use += so a repeated like does not overwrite the earlier amount.

  3. In matchRewards(), compute the reward from the two amounts behind the mutual "like", and zero both entries before any ETH leaves the contract so the same like can never be counted twice:

    uint256 rewards = likeAmounts[from][to] + likeAmounts[to][from];
    likeAmounts[from][to] = 0;
    likeAmounts[to][from] = 0;

  4. If userBalances is still needed elsewhere, keep it updated in likeUser(), but do not use it as the reward base; only the amounts attached to the match being settled should count.
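As an added example (not the DatingDapp code and not the submitter's), the steps above put together as a minimal Solidity model of the per-like ledger, followed by a Foundry test that reproduces the scenario from this finding (A likes B with 2 ETH and C with 1 ETH, B likes A with 1 ETH) and checks that the match settles 3 ETH rather than the 4 ETH a balance-sum would give. The contract and test names, MIN_LIKE, the pendingRewards/withdraw pull-payment destination and the balanceSumOf() comparison view are this example's own assumptions; the real contract's profile checks, fee handling and payout destination are deliberately omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Added example model, not the DatingDapp LikeRegistry: a like registry that keeps a
/// per-like ETH ledger so a match pays out only the two amounts behind the mutual like.
contract LikeRegistryModel {
    uint256 public constant MIN_LIKE = 1 ether; // assumed minimum, not taken from the finding

    mapping(address => mapping(address => bool)) public likes;
    // ETH attached to one specific like, keyed liker => liked.
    mapping(address => mapping(address => uint256)) public likeAmounts;
    // Running total of everything a user has sent for likes. Kept only to show the
    // flawed base the finding describes; it is never used for a payout here.
    mapping(address => uint256) public userBalances;
    // Per-user pull-payment balance; stands in for whatever destination the project pays.
    mapping(address => uint256) public pendingRewards;

    event Liked(address indexed liker, address indexed liked, uint256 amount);
    event Matched(address indexed a, address indexed b, uint256 rewards);

    function likeUser(address liked) external payable {
        require(msg.value >= MIN_LIKE, "Must send at least 1 ETH");
        require(msg.sender != liked, "Cannot like yourself");
        require(!likes[msg.sender][liked], "Already liked");

        likes[msg.sender][liked] = true;
        // Plain assignment is safe only because a second like of the same user reverts
        // above; without that guard this would have to be +=.
        likeAmounts[msg.sender][liked] = msg.value;
        userBalances[msg.sender] += msg.value;
        emit Liked(msg.sender, liked, msg.value);

        if (likes[liked][msg.sender]) {
            _matchRewards(liked, msg.sender);
        }
    }

    // Reward base = only the ETH the two users attached to liking each other.
    function _matchRewards(address from, address to) internal {
        uint256 rewards = likeAmounts[from][to] + likeAmounts[to][from];
        // Zero the ledger entries before crediting anything so the same like
        // can never be counted for a second payout.
        likeAmounts[from][to] = 0;
        likeAmounts[to][from] = 0;
        uint256 half = rewards / 2;
        pendingRewards[from] += half;
        pendingRewards[to] += rewards - half; // any odd wei goes to the second user
        emit Matched(from, to, rewards);
    }

    function withdraw() external {
        uint256 amount = pendingRewards[msg.sender];
        require(amount > 0, "Nothing to withdraw");
        pendingRewards[msg.sender] = 0; // effects before the external call
        (bool ok,) = payable(msg.sender).call{value: amount}("");
        require(ok, "Transfer failed");
    }

    // The flawed base the finding describes: the sum of both users' total balances.
    // Exposed for comparison only; nothing is paid from it.
    function balanceSumOf(address a, address b) external view returns (uint256) {
        return userBalances[a] + userBalances[b];
    }
}

/// Foundry test reproducing the finding's scenario.
contract LikeRegistryModelTest is Test {
    LikeRegistryModel registry;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");
    address carol = makeAddr("carol");

    function setUp() public {
        registry = new LikeRegistryModel();
        vm.deal(alice, 10 ether);
        vm.deal(bob, 10 ether);
    }

    function test_matchPaysOnlyTheMutualLikeAmounts() public {
        vm.prank(alice);
        registry.likeUser{value: 2 ether}(bob);
        vm.prank(alice);
        registry.likeUser{value: 1 ether}(carol);
        vm.prank(bob);
        registry.likeUser{value: 1 ether}(alice); // mutual like: triggers the match

        // Summing total balances would pay 3 ETH + 1 ETH = 4 ETH for this match...
        assertEq(registry.balanceSumOf(alice, bob), 4 ether);
        // ...but only the 2 ETH and 1 ETH behind the mutual like are settled.
        assertEq(registry.pendingRewards(alice) + registry.pendingRewards(bob), 3 ether);
        // Alice's like of Carol is untouched and still waits for its own match.
        assertEq(registry.likeAmounts(alice, carol), 1 ether);

        vm.prank(alice);
        registry.withdraw();
        assertEq(alice.balance, 10 ether - 3 ether + 1.5 ether);
    }
}
```

Run it with `forge test` in a Foundry project that has forge-std installed. The equal split in _matchRewards() and the pull-payment withdraw() are only placeholders for the project's real payout; the part that matters for this finding is that the reward is computed from likeAmounts and that both entries are zeroed before any ETH moves.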

Updates

Appeal created

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
