Submission Details
Severity:
A user may lose their funds if someone they liked does not like them back.
Description: To like someone, the user must deposit at least 1 ETH into the smart contract. But if the other person does not like them back, this amount will be locked in the smart contract with no way to withdraw it.
Impact: A user may lose their funds if someone they liked does not like them back.
Recommended Mitigation: The smart contract LikeRegistry should allow users to unlike and withdraw their funds if they have not been matched.
+ event unLiked(address indexed liker, address indexed liked, uint256 refund);
+ function unlikeUser(address liked) external payable {
+ require(likes[msg.sender][liked], "Not yet liked");
+ require(!likes[liked][msg.sender], "Not yet matched");
+ likes[msg.sender][liked] = false;
+ uint256 refund = userBalances[msg.sender];
+ userBalances[msg.sender] = 0;
+ (bool success,) = payable(msg.sender).call{value: refund}("");
+ require(success, "Transfer failed");
+ emit unLiked(msg.sender, liked, refund);
+ }
Rewards breakdown
nSLOC
197This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.