Submission Details
Severity:
No refund mechanism available in `LikeRegistry::likeUser` if the user sends more fund than needed, causing permanent loss of funds.
No refund mechanism available in LikeRegistry::likeUser if the user sends more fund than needed, causing permanent loss of funds.
Description: The code below does not have a refund mechanism, if a user send more than one ether
function likeUser(address liked) external payable {
require(msg.value >= 1 ether, "Must send at least 1 ETH");
require(!likes[msg.sender][liked], "Already liked");
require(msg.sender != liked, "Cannot like yourself");
require(profileNFT.profileToToken(msg.sender) != 0, "Must have a profile NFT");
require(profileNFT.profileToToken(liked) != 0, "Liked user must have a profile NFT");
likes[msg.sender][liked] = true;
emit Liked(msg.sender, liked);
// Check if mutual like
if (likes[liked][msg.sender]) {
matches[msg.sender].push(liked);
matches[liked].push(msg.sender);
emit Matched(msg.sender, liked);
matchRewards(liked, msg.sender);
}
}
Impact: The user will lose his/her funds permanently
Proof of Concept: You need to create a test file testLikeRegistry.t.sol
contract LikeRegistryTest is Test {
SoulboundProfileNFT soulboundNFT;
LikeRegistry likeRegistry;
address user = address(0x123);
address user2 = address(0x456);
address owner = address(this); // Test contract acts as the owner
function setUp() public {
soulboundNFT = new SoulboundProfileNFT();
likeRegistry = new LikeRegistry(address(soulboundNFT));
}
}
and add the following test
function testlikeUserRefund() public {
uint256 priceToLike = 1e18; // 1 ether to like a profile.
uint256 initialBalance = 10e18; // user have 10 ether.
vm.deal(user, initialBalance);
assertEq(user.balance, initialBalance, "user balance is not 10 ether");
vm.prank(user);
soulboundNFT.mintProfile("Alice", 25, "ipfs://profileImage");
vm.prank(user2);
soulboundNFT.mintProfile("Bob", 27, "ipfs://profileImage");
vm.startPrank(user);
likeRegistry.likeUser{value: 5e18}(user2); // if user send 5 ether
uint256 expectedBalance = initialBalance - priceToLike;
assertEq(user.balance, expectedBalance, "User lost fund");
}
Recommended Mitigation:
Add the following lines in the function LikeRegistry::likeUser
function likeUser(address liked) external payable {
require(msg.value >= 1 ether, "Must send at least 1 ETH");
require(!likes[msg.sender][liked], "Already liked");
require(msg.sender != liked, "Cannot like yourself");
require(profileNFT.profileToToken(msg.sender) != 0, "Must have a profile NFT");
require(profileNFT.profileToToken(liked) != 0, "Liked user must have a profile NFT");
@> uint256 refund = msg.value - 1e18;
@> if (refund > 0) {
@> (bool success,) = payable(msg.sender).call{value: refund}("");
@> require(success, "Transfer failed");
@> }
likes[msg.sender][liked] = true;
emit Liked(msg.sender, liked);
// Check if mutual like
if (likes[liked][msg.sender]) {
matches[msg.sender].push(liked);
matches[liked].push(msg.sender);
emit Matched(msg.sender, liked);
matchRewards(liked, msg.sender);
}
}
Updates
Appeal created
n0kto 5 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
Users mistake, only impacting themselves.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
nSLOC
197This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.