DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Untracked Like Payments Leading to Zero Rewards - LikeRegistry.sol

Summary

The contract's core functionality fails to track the ETH a user pays when expressing interest in ("liking") another profile. The userBalances mapping, intended to store these payments, is never written to anywhere in the contract. When mutual likes trigger the matchRewards function, it computes the pooled rewards from userBalances, which are therefore always zero. Zero ETH is forwarded to the MultiSigWallet deployed for the match and zero fees are accounted for the owner, so the reward system never functions and every like payment stays in the LikeRegistry.

Vulnerability Details

The likeUser function does not update any storage variable to track the ETH sent during a like.

function likeUser(address liked) external payable {
require(msg.value >= 1 ether, "Must send at least 1 ETH");
// No logic to store msg.value in userBalances or any other mapping
likes[msg.sender][liked] = true;
emit Liked(msg.sender, liked);
}

The matchRewards function relies on userBalances[from] and userBalances[to]. Because neither entry is ever set, totalRewards is always 0, and so are the fee and the amount forwarded to the newly deployed multisig.

function matchRewards(address from, address to) internal {
uint256 matchUserOne = userBalances[from]; // Always 0: likeUser never writes userBalances
uint256 matchUserTwo = userBalances[to];   // Always 0
uint256 totalRewards = matchUserOne + matchUserTwo; // 0, so fee and rewards are both 0
// The MultiSigWallet is still deployed, but receives 0 ETH
}

Impact

  • Users receive zero rewards for mutual likes despite each paying at least 1 ETH per like.

  • The contract owner cannot withdraw any fees (totalFees remains zero), undermining the business model.

  • Funds remain trapped in the contract, creating a financial loss for users and degrading trust in the platform.

Tools Used

  • Slither for static analysis to detect unused variables (userBalances).

Recommendations

  1. Track ETH Payments: Introduce a payments mapping to accumulate like payments from each user.

    mapping(address => mapping(address => uint256)) public payments;
  2. Update likeUser Function: Store each like’s payment in the payments mapping.

    function likeUser(address liked) external payable {
    require(msg.value == 1 ether, "Must send exactly 1 ETH");
    payments[msg.sender][liked] += msg.value;
    // Existing logic to update likes and emit events
    }
  3. Modify matchRewards: Calculate rewards from the tracked payments and reset them before transferring. Because payments is keyed per pair, a match pools only the ETH the two users paid toward each other, rather than sweeping a user's entire like history into their first match.

    function matchRewards(address from, address to) internal {
    uint256 user1Payment = payments[from][to];
    uint256 user2Payment = payments[to][from];
    uint256 total = user1Payment + user2Payment;
    // Reset payments
    payments[from][to] = 0;
    payments[to][from] = 0;
    uint256 fee = (total * FIXEDFEE) / 100;
    uint256 rewards = total - fee;
    totalFees += fee;
    // Deploy multisig and transfer rewards
    MultiSigWallet multiSig = new MultiSigWallet(from, to);
    (bool success,) = payable(address(multiSig)).call{value: rewards}("");
    require(success, "Transfer failed");
    }
  4. Enforce Exact Payments: Change the payment requirement to msg.value == 1 ether to prevent overpayments.

Fixed Code Snippet

By implementing these fixes, the contract will accurately track and distribute rewards for mutual likes, ensuring users receive their pooled funds and the owner collects fees as intended.

mapping(address => mapping(address => uint256)) public payments;

function likeUser(address liked) external payable {
    require(msg.value == 1 ether, "Must send exactly 1 ETH");
    require(!likes[msg.sender][liked], "Already liked");
    require(msg.sender != liked, "Cannot like yourself");
    require(profileNFT.profileToToken(msg.sender) != 0, "No profile");
    require(profileNFT.profileToToken(liked) != 0, "Liked user has no profile");

    likes[msg.sender][liked] = true;
    payments[msg.sender][liked] += msg.value; // record the payment before any match logic runs
    emit Liked(msg.sender, liked);

    // Mutual like: pool both recorded payments via matchRewards from Recommendation 3
    if (likes[liked][msg.sender]) {
        matchRewards(liked, msg.sender);
    }
}
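The following Foundry test is an added proof of concept and regression check; it is not part of the original submission or of the DatingDapp repository. It assumes the First Flight repo layout (src/LikeRegistry.sol, src/SoulboundProfileNFT.sol), that LikeRegistry's constructor takes the profile NFT address, that SoulboundProfileNFT exposes mintProfile(string,uint8,string), that totalFees and FIXEDFEE have public getters, and that the forge-std cheatcodes vm.getNonce and vm.computeCreateAddress are available to predict where matchRewards deploys the MultiSigWallet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not project code. Assumed imports and interfaces are noted inline.
import {Test} from "forge-std/Test.sol";
import {LikeRegistry} from "../src/LikeRegistry.sol";              // assumed path
import {SoulboundProfileNFT} from "../src/SoulboundProfileNFT.sol"; // assumed path

contract UntrackedLikePaymentsTest is Test {
    SoulboundProfileNFT nft;
    LikeRegistry registry;

    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        nft = new SoulboundProfileNFT();
        registry = new LikeRegistry(address(nft)); // assumed constructor(address _profileNFT)

        vm.deal(alice, 2 ether);
        vm.deal(bob, 2 ether);

        // likeUser requires both parties to hold a profile NFT.
        // mintProfile(name, age, image) is an assumed signature.
        vm.prank(alice);
        nft.mintProfile("Alice", 30, "ipfs://alice");
        vm.prank(bob);
        nft.mintProfile("Bob", 31, "ipfs://bob");
    }

    // Alice likes Bob, then Bob likes Alice. Returns the address at which
    // matchRewards deploys the MultiSigWallet during the second like: the
    // registry's next CREATE address, predicted from its nonce.
    function _mutualLike() internal returns (address predictedMultisig) {
        vm.prank(alice);
        registry.likeUser{value: 1 ether}(bob);

        predictedMultisig =
            vm.computeCreateAddress(address(registry), vm.getNonce(address(registry)));

        vm.prank(bob);
        registry.likeUser{value: 1 ether}(alice); // mutual like triggers matchRewards
    }

    // Proof of concept: passes against the unfixed LikeRegistry.
    function test_Vulnerable_MutualLikeForwardsZeroEth() public {
        address multisig = _mutualLike();

        assertGt(multisig.code.length, 0, "multisig was not deployed");
        assertEq(multisig.balance, 0, "multisig received ETH (bug fixed?)");
        assertEq(registry.totalFees(), 0, "fees were accounted (bug fixed?)");
        assertEq(address(registry).balance, 2 ether, "payments left the registry");
    }

    // Regression check: fails on the unfixed contract, passes once payments
    // are tracked and matchRewards pools them as in the recommendation.
    function test_Fixed_MultisigReceivesPooledPaymentsMinusFee() public {
        address multisig = _mutualLike();

        uint256 pooled = 2 ether;
        uint256 expectedFee = (pooled * registry.FIXEDFEE()) / 100;

        assertEq(multisig.balance, pooled - expectedFee, "multisig missing pooled rewards");
        assertEq(registry.totalFees(), expectedFee, "fee not accounted");
        assertEq(address(registry).balance, expectedFee, "more than the fee stays in registry");
    }
}
```

Run with `forge test --match-contract UntrackedLikePaymentsTest -vvv`. Against the unfixed contract the first test passes and the second fails with the multisig balance reported as 0; after applying the fixed likeUser and matchRewards the second passes and the first fails, so the pair documents the bug and guards against its return.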
Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
