DatingDapp

First Flight #33

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

`LikeRegistry::likeUser` `userBalances` Not Updated ETH could get stucked in the contract

summer

Description:

The likeUser function does not update the userBalances mapping when users send ETH. As a result, all ETH sent during a "like" is unaccounted for.

During mutual matches, matchRewards transfers userBalances[from] and userBalances[to], which remain at 0, leading to zero rewards sent to the multisig wallet.

Impact:

All user ETH is permanently locked in the contract. The core protocol functionality which is pooling funds for matched users is non-functional.

Proof of Concept:

Modify the test imports and setup and include this test below, run with -vvv. this test is expecting this failure to verify that funds are locked when users match.

it simulates user liking user2 by sending 1 ETH.
Simulates user2 liking user by sending 1 ETH.
Checks the balance of the deployed multisig wallet.

The multisig wallet should have 1.8 ETH (90% of 2 ETH after a 10% fee), but it returns 0. The multisig is deployed but has 0 ETH, which the test checks for. This shows that the funds aren't being tracked correctly.

Test

// SPDX-License-Identifier: MIT

pragma solidity 0.8.19;

import "../src/LikeRegistry.sol";

import "../src/MultiSig.sol";

contract SoulboundProfileNFTTest is Test {

LikeRegistry likeRegistry; // Declare LikeRegistry variable

uint256 constant LIKE_FEE = 1 ether; // constant to track likeFee

function setUp() public {

soulboundNFT = new SoulboundProfileNFT();

likeRegistry = new LikeRegistry(address(soulboundNFT)); // initialize likeRegistry

// Setup profiles for like tests

vm.prank(user);

soulboundNFT.mintProfile("Alice", 25, "ipfs://alice");

vm.prank(user2);

soulboundNFT.mintProfile("Bob", 28, "ipfs://bob");

}

// - userBalances Not Updated

function testFundsLockedWhenMatching() public {

// User1 likes User2 (1 ETH)

vm.prank(user);

likeRegistry.likeUser{value: LIKE_FEE}(user2);

// User2 likes User1 (1 ETH)

vm.prank(user2);

likeRegistry.likeUser{value: LIKE_FEE}(user1);

// Check multisig balance (should be 1.8 ETH if working)

address[] memory matches = likeRegistry.getMatches();

MultiSigWallet multisig = MultiSigWallet(matches[0]);

assertEq(address(multisig).balance, 0, "Multisig should have 0 ETH"); // check will Fail

}

Recommended Mitigation:

Update likeUser to track ETH:

Reccomendation

userBalances[msg.sender] += msg.value;

Updates

Appeal created

n0kto Lead Judge 8 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds

Rewards breakdown

nSLOC

197

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.