DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

It is impossible to retrieve the address of the MultiSigWallet as it is never emitted

Description:

When the like is mutual, a MultiSigWallet is created for both people. The problem is that the wallet address is only a memory variable and no state variable is updated, so the address of the wallet cannot be retrieved.

Impact

The address of the wallet remains unknown after creating it, and it will be impossible to access their multisig wallet.

Proof of Concept

In the LikeRegistry contract:

function matchRewards(address from, address to) internal {
    ...
    // Deploy a MultiSig contract for the matched users
    // @note it is just a memory variable, which will be cleared at the end of the transaction
@>  MultiSigWallet multiSigWallet = new MultiSigWallet(from, to);
    // @audit there is no return statement that returns the address, nor any event that emits it.
    ...
}

Recommended Mitigation

Add an event that emits the address of the multisig wallet.

contract LikeRegistry is Ownable {
// emits the multisig wallet address
+ @> event MultiSigWalletAddress(address indexed multiSigWallet);
...
function matchRewards(address from, address to) internal {
...
MultiSigWallet multiSigWallet = new MultiSigWallet(from, to);
(bool success,) = payable(address(multiSigWallet)).call{value: rewards}("");
// add this line
+ @> emit MultiSigWalletAddress(multiSigWallet);
}
}
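Review bot: the added `emit MultiSigWalletAddress(multiSigWallet);` line passes a value of contract type `MultiSigWallet` to an event parameter declared as `address indexed`. Solidity 0.5.0 and later do not convert a contract type to `address` implicitly, so the line needs to be `emit MultiSigWalletAddress(address(multiSigWallet));` to compile. In the same function, the `success` value returned by the `call` is not checked in the lines shown, so a failed reward transfer would still emit the event; a `require(success, ...)` before or after the emit would close that gap. Indexing only the wallet address also means a matched user cannot filter the logs by their own address; adding `from` and `to` as indexed parameters would make the event usable for that lookup.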
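A compilable sketch of the two retrieval paths the report touches on, a state variable for on-chain lookup and an event for off-chain lookup. This is an added example, not the project's code: `RegistrySketch`, `MultiSigWalletCreated`, `pairId`, `walletFor`, `demoMatch` and the stub `MultiSigWallet` are hypothetical names, and `rewards` is passed in as a parameter because the page elides how it is computed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical stand-in for the project's MultiSigWallet (assumed: two owners, accepts ETH).
contract MultiSigWallet {
    address public immutable owner1;
    address public immutable owner2;

    constructor(address _owner1, address _owner2) {
        owner1 = _owner1;
        owner2 = _owner2;
    }

    receive() external payable {}
}

// Hypothetical registry sketch, not the project's LikeRegistry.
contract RegistrySketch {
    event MultiSigWalletCreated(address indexed multiSigWallet, address indexed from, address indexed to);

    // On-chain lookup: wallet address keyed by an order-independent id of the matched pair.
    mapping(bytes32 => address) private walletOfPair;

    function pairId(address a, address b) public pure returns (bytes32) {
        return a < b ? keccak256(abi.encode(a, b)) : keccak256(abi.encode(b, a));
    }

    function walletFor(address a, address b) external view returns (address) {
        return walletOfPair[pairId(a, b)];
    }

    // Demo-only entry point so the internal function can be exercised; msg.value plays the role of rewards.
    function demoMatch(address from, address to) external payable {
        _matchRewards(from, to, msg.value);
    }

    // Stand-in for matchRewards: record and announce the wallet before sending funds to it.
    function _matchRewards(address from, address to, uint256 rewards) internal {
        MultiSigWallet wallet = new MultiSigWallet(from, to);
        address walletAddr = address(wallet); // contract types need an explicit cast to address

        walletOfPair[pairId(from, to)] = walletAddr;
        emit MultiSigWalletCreated(walletAddr, from, to);

        (bool success,) = payable(walletAddr).call{value: rewards}("");
        require(success, "reward transfer failed");
    }
}
```

After `demoMatch(alice, bob)`, `walletFor(bob, alice)` returns the deployed wallet regardless of argument order, and the same address appears in the `MultiSigWalletCreated` log filtered by either user.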
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
