DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: medium
Invalid

Reentrancy risk in likeUser()

Summary

If liked is a smart contract that executes a callback

Vulnerability Details

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        require(!likes[msg.sender][liked], "Already liked");
        likes[msg.sender][liked] = true;
        totalFees += msg.value;
        userBalances[liked] += msg.value;
        emit Liked(msg.sender, liked);
        if (likes[liked][msg.sender]) {
            matches[msg.sender].push(liked);
            matches[liked].push(msg.sender);
            emit Matched(msg.sender, liked);
        }
    }

Impact

It may modify likes[msg.sender][liked] before the function completes.

Tools Used

Recommendations

Use checks-effects-interactions by updating state variables before external calls or withdrawals.

Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
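
One way to test the callback premise with Foundry, as an added example that is not part of the submission or the DatingDapp code base. The harness wraps the likeUser() body quoted above (storage declarations and event signatures are assumed from how the function uses them; LikeHarness, Probe and the test name are hypothetical) and checks whether a contract passed as liked ever has its code entered. The function as quoted only writes storage and emits events, so the probe counter stays at zero.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

// Harness holding only the likeUser() body quoted in the submission.
// Assumption: storage layout and event signatures are inferred from usage.
contract LikeHarness {
    mapping(address => mapping(address => bool)) public likes;
    mapping(address => address[]) public matches;
    mapping(address => uint256) public userBalances;
    uint256 public totalFees;
    event Liked(address indexed liker, address indexed liked);
    event Matched(address indexed a, address indexed b);

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        require(!likes[msg.sender][liked], "Already liked");
        likes[msg.sender][liked] = true;
        totalFees += msg.value;
        userBalances[liked] += msg.value;
        emit Liked(msg.sender, liked);
        if (likes[liked][msg.sender]) {
            matches[msg.sender].push(liked);
            matches[liked].push(msg.sender);
            emit Matched(msg.sender, liked);
        }
    }
}

// Contract used as `liked`; counts every time its code is entered.
contract Probe {
    uint256 public entered;
    receive() external payable { entered++; }
    fallback() external payable { entered++; }
}

contract LikeUserCallbackTest is Test {
    function test_likedContractIsNeverCalled() public {
        LikeHarness reg = new LikeHarness();
        Probe probe = new Probe();
        address alice = makeAddr("alice");
        vm.deal(alice, 1 ether);
        vm.prank(alice);
        reg.likeUser{value: 1 ether}(address(probe));
        assertEq(probe.entered(), 0); // no call ever reached `liked`
        assertTrue(reg.likes(alice, address(probe)));
        assertEq(reg.userBalances(address(probe)), 1 ether); // credited in storage only
    }
}
```

Run it with `forge test` inside a Foundry project that has forge-std installed.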
