DatingDapp

First Flight #33
Tags: Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: high
Valid

userBalance problem

Summary

In the "likedRegistry" contract there is an internal function called "matchRewards" that is called whenever two addresses have liked each other. There is a logic error in this function.

Vulnerability Details

// Inside matchRewards: both reads come from a mapping that is never written to elsewhere
uint256 matchUserOne = userBalances[from];
uint256 matchUserTwo = userBalances[to];
userBalances[from] = 0;
userBalances[to] = 0;

In this code, "matchUserOne" and "matchUserTwo" take their values from the "userBalances" mapping. The problem is that "userBalances" is never updated with the ether a user sends, so the entries for both "from" and "to" stay at zero forever. The only code that writes to "userBalances" is this block, and it only ever resets the entries to zero.

Impact

Because of this logic error, all ether sent with likes stays locked in the "likedRegistry" contract, and the call in "matchRewards" always forwards zero ether to the deployed "MultiSig" contract.

Tools Used

Remix IDE, Hardhat

Recommendations

You should add this line to the "likeUser" function so that the user's deposit is recorded:

userBalances[msg.sender] = msg.value;
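To show the effect of the missing write and of the fix side by side, here is a stripped-down model of the registry's accounting together with a Foundry test. This is added example code, not the DatingDapp contracts: the contract name "MatchVault", the "skipBalanceUpdate" switch, the "lastPayoutAmount" variable and the derived payout address are all assumptions introduced to make the behaviour observable in a test, and the fee logic and NFT minting of the real project are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical, simplified model of the registry's balance accounting.
// Not the DatingDapp code: only the parts needed to reproduce the finding.
contract MatchVault {
    // true  = vulnerable behaviour described in the finding (likeUser never records the deposit)
    // false = behaviour after applying the recommendation
    bool public immutable skipBalanceUpdate;

    mapping(address => uint256) public userBalances;
    mapping(address => mapping(address => bool)) public likes;
    address public lastPayout;        // stand-in for the MultiSig address (assumption)
    uint256 public lastPayoutAmount;  // amount forwarded on the last match (assumption)

    constructor(bool _skipBalanceUpdate) {
        skipBalanceUpdate = _skipBalanceUpdate;
    }

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "must send at least 1 ETH");
        if (!skipBalanceUpdate) {
            // The missing write from the finding's recommendation. Using += rather
            // than = so a user who likes several profiles keeps every deposit.
            userBalances[msg.sender] += msg.value;
        }
        likes[msg.sender][liked] = true;
        if (likes[liked][msg.sender]) {
            matchRewards(liked, msg.sender);
        }
    }

    // Same accounting as the snippet in the finding: read, zero out, forward the sum.
    function matchRewards(address from, address to) internal {
        uint256 matchUserOne = userBalances[from];
        uint256 matchUserTwo = userBalances[to];
        userBalances[from] = 0;
        userBalances[to] = 0;
        uint256 totalRewards = matchUserOne + matchUserTwo;

        // Derive a deterministic recipient instead of deploying a wallet (assumption).
        lastPayout = address(uint160(uint256(keccak256(abi.encodePacked(from, to)))));
        lastPayoutAmount = totalRewards;
        (bool ok,) = lastPayout.call{value: totalRewards}("");
        require(ok, "transfer failed");
    }
}

contract MatchVaultTest is Test {
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    // Both users like each other with 1 ETH each, which triggers matchRewards.
    function _runMatch(bool skipUpdate) internal returns (MatchVault v) {
        v = new MatchVault(skipUpdate);
        vm.deal(alice, 1 ether);
        vm.deal(bob, 1 ether);
        vm.prank(alice);
        v.likeUser{value: 1 ether}(bob);
        vm.prank(bob);
        v.likeUser{value: 1 ether}(alice);
    }

    function test_vulnerable_forwardsZero() public {
        MatchVault v = _runMatch(true);
        assertEq(v.lastPayoutAmount(), 0);          // nothing reaches the match wallet
        assertEq(address(v).balance, 2 ether);      // both deposits stuck in the registry
    }

    function test_fixed_forwardsDeposits() public {
        MatchVault v = _runMatch(false);
        assertEq(v.lastPayoutAmount(), 2 ether);    // full deposits forwarded
        assertEq(address(v).balance, 0);
    }
}
```

Run with `forge test` in a Foundry project that has forge-std installed. One caveat on the recommended one-liner: `userBalances[msg.sender] = msg.value;` overwrites any earlier deposit when the same user likes a second profile before matching, so the accumulating form `+=` used in the model is the safer choice.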
Updates

Appeal created

n0kto Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
