DatingDapp

First Flight #33
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: high
Valid

All users will lose their contributions because userBalances does not track their contributions.

Summary

When LikeRegistry::likeUser is called, the likes mapping (and, on a mutual like, the matches mapping) is updated and LikeRegistry::matchRewards is called internally. The userBalances mapping is never updated, so each user's like payment goes untracked.

Vulnerability Details

LikeRegistry::likeUser never records the individual user's like payment in userBalances. Because the two likes of a pair arrive in separate transactions, nothing is accumulated between them, and when the second like triggers LikeRegistry::matchRewards the couple's balances read as 0. This makes LikeRegistry behave like a honeypot: users can buy in (deposit) but are never able to withdraw.

```solidity
// In LikeRegistry::matchRewards: reads balances that likeUser never credited
uint256 matchUserOne = userBalances[from]; // always 0
uint256 matchUserTwo = userBalances[to];   // always 0
userBalances[from] = 0;
userBalances[to] = 0;
```

Because userBalances is never updated, matchUserOne and matchUserTwo are always 0, so totalRewards (their sum) is 0, and the fees derived from totalRewards are 0 as well.

Impact

multiSigWallet is deployed with 0 ETH sent into it, while the couple's contributions for their date stay locked in LikeRegistry. The couple loses all the funds intended for their first date.

Tools Used

Manual Review, Remix IDE.

Recommendations

Track each user's contribution in userBalances at the time of the like, so that matched users can actually make use of the DatingDapp's payout.

```diff
function likeUser(
    address liked
) external payable {
    require(msg.value >= 1 ether, "Must send at least 1 ETH");
    require(!likes[msg.sender][liked], "Already liked");
    require(msg.sender != liked, "Cannot like yourself");
    require(profileNFT.profileToToken(msg.sender) != 0, "Must have a profile NFT");
    require(profileNFT.profileToToken(liked) != 0, "Liked user must have a profile NFT");
    likes[msg.sender][liked] = true;
    emit Liked(msg.sender, liked);
+   userBalances[msg.sender] += msg.value; // should be 1ETH according to docs
    // Check if mutual like
    if (likes[liked][msg.sender]) {
        matches[msg.sender].push(liked);
        matches[liked].push(msg.sender);
        emit Matched(msg.sender, liked);
        matchRewards(liked, msg.sender);
    }
}
```
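The following Foundry test is an added example, not code from the DatingDapp repository: it models only the like/match accounting described in the Vulnerability Details and Recommendations above in a constructed, stripped-down contract (`LikeLedger`, `creditOnLike`, `lastTotalRewards` and the test names are assumptions), with the profile NFT checks and multisig deployment left out. The first test shows matchRewards seeing 0 while 2 ETH sits in the contract; the second shows the recommended credit line fixing it.

```solidity
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed, stripped-down model of LikeRegistry: no profile NFT check and no
// multisig deployment, only the like/match accounting the finding is about.
contract LikeLedger {
    mapping(address => mapping(address => bool)) public likes;
    mapping(address => uint256) public userBalances;
    bool public creditOnLike;        // false = original behaviour, true = with the fix
    uint256 public lastTotalRewards; // what matchRewards computed for the last match
    constructor(bool _creditOnLike) { creditOnLike = _creditOnLike; }

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        require(!likes[msg.sender][liked], "Already liked");
        likes[msg.sender][liked] = true;
        if (creditOnLike) userBalances[msg.sender] += msg.value; // the recommended line
        if (likes[liked][msg.sender]) matchRewards(liked, msg.sender); // mutual like
    }

    function matchRewards(address from, address to) internal {
        uint256 matchUserOne = userBalances[from]; // 0 unless likeUser credited it
        uint256 matchUserTwo = userBalances[to];
        userBalances[from] = 0;
        userBalances[to] = 0;
        lastTotalRewards = matchUserOne + matchUserTwo;
    }
}

contract LikeLedgerTest is Test {
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function _mutualLike(LikeLedger ledger) internal {
        vm.deal(alice, 1 ether); vm.deal(bob, 1 ether);
        vm.prank(alice); ledger.likeUser{value: 1 ether}(bob);   // first tx: no match yet
        vm.prank(bob);   ledger.likeUser{value: 1 ether}(alice); // second tx: match, matchRewards runs
    }

    function test_OriginalLosesContributions() public {
        LikeLedger ledger = new LikeLedger(false);
        _mutualLike(ledger);
        assertEq(ledger.lastTotalRewards(), 0);     // nothing is split...
        assertEq(address(ledger).balance, 2 ether); // ...yet 2 ETH sits in the contract
    }

    function test_FixedTracksContributions() public {
        LikeLedger ledger = new LikeLedger(true);
        _mutualLike(ledger);
        assertEq(ledger.lastTotalRewards(), 2 ether);
    }
}
```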
Updates

Appeal created

n0kto (Lead Judge), 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
