The dating dApp allows users to mint, burn, and re-mint their profiles with a different age while preserving existing matches. This breaks the integrity of age-based matching, enabling users to manipulate their profiles post-match.
🤣 Example: A 20-year-old matches with someone, burns their profile, and re-mints as a 50-year-old while keeping the previous match.
The contract stores matches permanently in matches[msg.sender], even after a profile is burned and re-minted.
There is no verification of profile age or existence before confirming a match.
Problem:
The match persists even after a profile is deleted and re-minted.
A user can change their age and still keep their old matches, making age-based filtering meaningless.
PoC
Alice (20 years old) mints a profile.
Alice likes Bob, and Bob likes Alice (Match is created).
Alice burns her profile and re-mints it with a different age (e.g., 50 years old).
Alice still has the match with Bob, even though she changed her age.
Unexpected Result: The system still thinks Alice (now 50) matched with Bob (20)!
Breaks Match Integrity: Users can fake their age while keeping past matches.
Manipulates Trust in the Dating System: Age-based filtering becomes unreliable.
Exploitable Behavior: Users can mislead others while retaining past connections.
Manual Review
Modify burnProfile() in SoulboundProfileNFT.sol to remove matches when a profile is deleted, so that burning a profile also clears every match recorded for it.
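One way to implement that mitigation, as an added example that is not the contest code base's own code: the page names burnProfile() and the matches[msg.sender] storage, while the Profile struct, mintProfile(), recordMatch(), the reverse index and the event are assumptions introduced here. The point worth carrying over is that a match is recorded in both users' lists, so clearing only matches[msg.sender] would leave the counterparty's list pointing at a profile that no longer exists; the example removes both sides.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative stand-in (not the audited contract): a minimal profile
/// registry whose burn path clears matches on both sides.
contract ProfileMatchesExample {
    struct Profile { string name; uint8 age; bool exists; } // assumed layout

    mapping(address => Profile) public profiles;
    // Each user's current matches as a list (mirrors matches[msg.sender]).
    mapping(address => address[]) public matches;
    // Reverse index: position + 1 of `b` inside matches[a]; 0 means absent.
    mapping(address => mapping(address => uint256)) private matchIndexPlusOne;

    event ProfileBurned(address indexed user, uint256 matchesCleared);

    function mintProfile(string calldata name, uint8 age) external {
        require(!profiles[msg.sender].exists, "profile exists");
        profiles[msg.sender] = Profile(name, age, true);
    }

    // Assumed hook called by the like/match logic; access control omitted.
    // Both profiles must exist when the match is recorded.
    function recordMatch(address a, address b) external {
        require(a != b, "self match");
        require(profiles[a].exists && profiles[b].exists, "missing profile");
        require(matchIndexPlusOne[a][b] == 0, "already matched");
        matches[a].push(b);
        matchIndexPlusOne[a][b] = matches[a].length;
        matches[b].push(a);
        matchIndexPlusOne[b][a] = matches[b].length;
    }

    // Burning a profile removes the caller from every counterparty's list
    // and then drops the caller's own list, so a re-minted profile starts
    // with no matches.
    function burnProfile() external {
        require(profiles[msg.sender].exists, "no profile");
        address[] storage mine = matches[msg.sender];
        uint256 n = mine.length;
        for (uint256 i = 0; i < n; i++) {
            address other = mine[i];
            _removeFromCounterparty(other, msg.sender);
            delete matchIndexPlusOne[msg.sender][other];
        }
        delete matches[msg.sender];
        delete profiles[msg.sender];
        emit ProfileBurned(msg.sender, n);
    }

    // Swap-and-pop removal of `user` from matches[other] via the reverse index.
    function _removeFromCounterparty(address other, address user) private {
        uint256 idx = matchIndexPlusOne[other][user];
        if (idx == 0) return; // not present, nothing to do
        address[] storage list = matches[other];
        uint256 last = list.length - 1;
        address moved = list[last];
        list[idx - 1] = moved;
        matchIndexPlusOne[other][moved] = idx; // moved entry takes the freed slot
        list.pop();
        delete matchIndexPlusOne[other][user];
    }

    function matchCount(address user) external view returns (uint256) {
        return matches[user].length;
    }
}
```

The reverse index keeps each removal O(1), so the cost of burnProfile() is linear in the caller's own match count; if a deployment lets that list grow without bound, the loop should be capped or split across calls to keep burning from becoming unaffordable.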
Design choice to update your age, name and photo. Scam is not a valid impact.