DatingDapp

First Flight #33
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Missing balance updates in `LikeRegistry::likeUser` breaks reward distribution and fee collection

Description: The LikeRegistry::likeUser function fails to update user balances when users send ETH to like other users.

The missing balance update means that even though users send ETH to the contract, their balances are never recorded. This breaks two core features:

  1. Match rewards cannot be distributed because user balances remain at 0

  2. Protocol fees are never collected since they're based on user balances

Impact:

  • All ETH sent by users becomes permanently stuck in the contract

  • Match rewards system is completely broken

  • Protocol fee collection mechanism fails

  • Users lose funds without receiving intended benefits

Proof of Concept:

  1. Alice sends 1 ETH to like Bob

  2. Bob sends 1 ETH to like Alice back

  3. They match, but no rewards are distributed because their balances were never recorded

  4. The contract now holds 2 ETH that can't be distributed

Proof of Code:
Add this test to your test file (it would be better to create a new test file LikeRegistry.t.sol)

```solidity
function test_ShouldUpdateUserBalances() public {
    // Setup: fund both users (user1 = Alice, user2 = Bob)
    vm.deal(user1, 10 ether);
    vm.deal(user2, 10 ether);

    // Both users need a profile NFT before they can like anyone
    vm.prank(user1);
    profileNFT.mintProfile("alice", 25, "ipfs://user1");
    vm.prank(user2);
    profileNFT.mintProfile("bob", 28, "ipfs://user2");

    // Alice likes Bob, paying 1 ETH
    vm.prank(user1);
    likeRegistry.likeUser{value: 1 ether}(user2);

    // Current behavior: the 1 ETH sits in the contract, but Alice's balance was never credited
    assertEq(likeRegistry.userBalances(user1), 0, "Alice's balance should be 0 (but this is the bug)");

    // Bob likes Alice back, which creates a match
    vm.prank(user2);
    likeRegistry.likeUser{value: 1 ether}(user1);

    // After matching, both balances are 0 (matchRewards resets them),
    // but no rewards were distributed because the balances were never updated
    assertEq(likeRegistry.userBalances(user1), 0);
    assertEq(likeRegistry.userBalances(user2), 0);

    // Total fees are 0 as well, since fees are computed from the (empty) balances
    assertEq(likeRegistry.getTotalFees(), 0, "Should have collected fees (but didn't due to the bug)");
}
```
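The following is a complete `LikeRegistry.t.sol` that checks the stuck-funds outcome directly on contract and account balances. It is an added example, not a file from the DatingDapp repository. It assumes the First Flight #33 layout (`src/SoulboundProfileNFT.sol`, `src/LikeRegistry.sol`), that `LikeRegistry` takes the profile NFT address as its only constructor argument, and that `matches` is a public `mapping(address => address[])` whose generated getter takes an index; the account names and profile data are constructed for the test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example test (not part of the DatingDapp repository).
// Assumed paths and constructor signature; adjust if the repo differs.
import {Test} from "forge-std/Test.sol";
import {SoulboundProfileNFT} from "../src/SoulboundProfileNFT.sol";
import {LikeRegistry} from "../src/LikeRegistry.sol";

contract LikeRegistryStuckFundsTest is Test {
    SoulboundProfileNFT profileNFT;
    LikeRegistry likeRegistry;

    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        profileNFT = new SoulboundProfileNFT();
        likeRegistry = new LikeRegistry(address(profileNFT)); // assumed constructor

        vm.deal(alice, 10 ether);
        vm.deal(bob, 10 ether);

        // Constructed profile data; both users need a profile NFT to like anyone
        vm.prank(alice);
        profileNFT.mintProfile("alice", 25, "ipfs://alice");
        vm.prank(bob);
        profileNFT.mintProfile("bob", 28, "ipfs://bob");
    }

    function test_MatchLeavesEthStuckInRegistry() public {
        uint256 aliceBefore = alice.balance;
        uint256 bobBefore = bob.balance;

        // Alice pays 1 ETH to like Bob: the ETH arrives, nothing is credited to her
        vm.prank(alice);
        likeRegistry.likeUser{value: 1 ether}(bob);
        assertEq(address(likeRegistry).balance, 1 ether);
        assertEq(likeRegistry.userBalances(alice), 0);

        // Bob likes Alice back: a match is recorded for both sides ...
        vm.prank(bob);
        likeRegistry.likeUser{value: 1 ether}(alice);
        assertEq(likeRegistry.matches(alice, 0), bob); // assumed public mapping getter
        assertEq(likeRegistry.matches(bob, 0), alice);

        // ... but matchRewards read two zero balances, so the 2 ETH never left the registry
        assertEq(address(likeRegistry).balance, 2 ether);
        assertEq(likeRegistry.userBalances(alice), 0);
        assertEq(likeRegistry.userBalances(bob), 0);

        // Both users are down exactly what they paid, with no reward in return
        assertEq(aliceBefore - alice.balance, 1 ether);
        assertEq(bobBefore - bob.balance, 1 ether);
    }
}
```

Run it with `forge test --match-contract LikeRegistryStuckFundsTest -vv`. Asserting on `address(likeRegistry).balance` rather than only on `userBalances` is what separates "the balances are zero" (which is also true after a correct payout) from "the ETH is still sitting in the contract", which is the actual loss-of-funds condition this finding describes.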

Recommended Mitigation: Update userBalances when calling LikeRegistry::likeUser function.

function likeUser(address liked) external payable {
require(msg.value >= 1 ether, "Must send at least 1 ETH");
...
+ userBalances[msg.sender] += msg.value;
likes[msg.sender][liked] = true;
emit Liked(msg.sender, liked);
...
}
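Review bot: the `...` on both sides of the added line hides where the credit sits relative to the reciprocal-like check that triggers `matchRewards`. The credit has to run before that check on every call, so that when the second user likes back, `matchRewards` sees both users' deposits rather than only the first; placing it next to `likes[msg.sender][liked] = true;` as shown works only if the match branch comes after that line, and the mitigation should say so explicitly. Note also that `require(msg.value >= 1 ether, ...)` admits overpayment, so `userBalances[msg.sender] += msg.value;` credits the full amount sent rather than a flat 1 ether; that is the right choice, since any excess would otherwise be stuck in the contract just as the whole deposit is today.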
Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
