Since there is no mechanism to update the mapping `LikeRegistry::userBalances`, its value remains `0`; which breaks the functionality of `matchRewards`
Description:
The LikeRegistry::matchRewards function is intended to transfer reward to multisig wallet of the users. It takes 10% fee from the sum of balances of user1 and user2. But, there is no mechanism tho update LikeRegistry::userBalances and it remains 0 forever. This breaks the functionality of matchRewards, as LikeRegistry::totalRewards will be 0, thus LikeRegistry::matchingFees will be 0.
This will make rewards which will be transferred to multisig wallet 0 as well.
Impact:
No reward will be transferred to multisig wallet. No fees will be collected because of this.
Recommended Mitigation:
Consider adding a function, so that users can deposit funds and the change gets reflected in
userBalancesmapping.Consider adding a check to
totalRewards, such that it can't be zero.
Appeal created
finding_likeUser_no_userBalances_updated
Likelihood: High, always. Impact: High, loss of funds
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.