DatingDapp
First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

After the user is matched, the MultiSigWallet address is not stored and is returned to the user. It is very difficult to find the MultiSigWallet address

luongtrongdai

Description: After the user is matched, a new MultiSigWallet will be deployed. However, the LikeRegistry doesn't store the new contract address. Therefore, if the user wants to interact with the MultiSigWallet contract, they must find the contract address in the transaction receipt.

Impact: It is very difficult for the user to find the MultiSigWallet contract address. If the user wants to interact with the MultiSigWallet contract, they must find the contract address in the transaction receipt.

Recommended Mitigation: Add mapping to store new MultiSigWallet address inside LikeRegistry.

+ mapping(address => mapping(address => address)) public multiSigWalletAddress;
function matchRewards(address from, address to) internal {
uint256 matchUserOne = userBalances[from]; // @reported user balance allways 0
uint256 matchUserTwo = userBalances[to];
userBalances[from] = 0;
userBalances[to] = 0;
uint256 totalRewards = matchUserOne + matchUserTwo; // 0
uint256 matchingFees = (totalRewards * FIXEDFEE) / 100; // 0
uint256 rewards = totalRewards - matchingFees; // 0
totalFees += matchingFees;
// Deploy a MultiSig contract for the matched users
MultiSigWallet multiSigWallet = new MultiSigWallet(from, to);
+ multiSigWalletAddress[from][to] = address(multiSigWallet);
+ multiSigWalletAddress[to][from] = address(multiSigWallet);
// Send ETH to the deployed multisig wallet
(bool success,) = payable(address(multiSigWallet)).call{value: rewards}("");
require(success, "Transfer failed");
}
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.