DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

User A can spend >1 ETH to like another user's profile

Summary

There is no strict restriction on the amount of ETH that prospective lovers pool together in the multisig wallet.

Vulnerability Details

require(msg.value >= 1 ether, "Must send at least 1 ETH");

Because this check only requires msg.value to be greater than or equal to 1 ether, any user can contribute much more than 1 ETH to the multisig wallet when it is created. Say UserA contributes 4 ETH and a prospective lover pools their 1 ETH to the multisig: they could enjoy a 5-star platinum date instead of a coffee chat to get to know each other.

Impact

Unfair contributions per user could cause users to spend more on the first date than expected.

Tools Used

Manual Review

Recommendations

- require(msg.value >= 1 ether, "Must send at least 1 ETH");
+ require(msg.value >= 1 ether, "Must send at least 1 ETH");
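
Review bot: the added line is identical to the removed line, so this recommendation is a no-op: the comparison is still `>=` and a payment above 1 ETH still passes. If the intent is to stop contributions larger than 1 ETH, as the summary describes, the added line needs a strict equality comparison (`msg.value == 1 ether`), and the revert string "Must send at least 1 ETH" should be reworded to say that exactly 1 ETH is required.
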
Updates

Appeal created

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
