DatingDapp

First Flight #33
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: High
Valid

Owner of the protocol will never be able to withdraw funds from the contract because `totalFees` is never increased

Description:

`LikeRegistry::likeUser()` never credits `msg.value` to the state variable `LikeRegistry::userBalances`, so `userBalances[msg.sender]` stays at 0 no matter how much ETH a user sends with a like.

`LikeRegistry::userBalances` is the input from which the protocol fee is calculated when two users match.

Because both balances are 0 at the time of the match, the computed fee is 0 and `totalFees` never increases.

Impact:

`withdrawFees()` requires `totalFees > 0`, so every call by the owner reverts with "No fees to withdraw". The protocol owner can never withdraw fees, and the ETH that users paid with their likes stays locked in `LikeRegistry`.

Proof of Concept:

How to run: `forge test --mt testWithdrawlByOwner -vv`

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "forge-std/Test.sol";
import "../src/MultiSig.sol";
import "../src/SoulboundProfileNFT.sol";
import "../src/LikeRegistry.sol";

contract TestMultisig is Test {
    SoulboundProfileNFT soulboundNFT;
    LikeRegistry likeRegistry;

    address Alice = address(0x123);
    address Bob = address(0x456);
    address owner = makeAddr("owner"); // deploys both contracts, so it is the Ownable owner

    function setUp() public {
        vm.prank(owner);
        soulboundNFT = new SoulboundProfileNFT();
        vm.prank(owner);
        likeRegistry = new LikeRegistry(address(soulboundNFT));
    }

    function testWithdrawlByOwner() public {
        // Both users need a profile NFT before they can like anyone
        vm.prank(Alice);
        soulboundNFT.mintProfile("Alice", 25, "ipfs://profileImage");
        vm.prank(Bob);
        soulboundNFT.mintProfile("Bob", 25, "ipfs://profileImage");

        vm.deal(Alice, 10 ether);
        vm.deal(Bob, 10 ether);

        // Alice likes Bob, paying 1 ETH
        vm.prank(Alice);
        (bool success,) = address(likeRegistry).call{value: 1 ether}(abi.encodeWithSignature("likeUser(address)", Bob));
        assertTrue(success, "Alice's like failed");

        // Bob likes Alice, paying 1 ETH: this completes a match, so matchRewards runs and a multisig is created
        vm.prank(Bob);
        (bool success2,) = address(likeRegistry).call{value: 1 ether}(abi.encodeWithSignature("likeUser(address)", Alice));
        assertTrue(success2, "Bob's like failed");

        // The owner's withdrawal reverts because totalFees is still 0
        vm.prank(owner);
        vm.expectRevert("No fees to withdraw");
        likeRegistry.withdrawFees();
    }
}
```

Recommended Mitigation:

Credit `msg.value` to `userBalances[msg.sender]` in `LikeRegistry::likeUser()`. Do this before the match check: `matchRewards()` reads `userBalances` for both users, so if the credit is placed after it, the ETH sent with the like that completes the match is not part of that match's rewards and fees.

```diff
function likeUser(address liked) external payable {
    ...
    // Keeping track of money sent by msg.sender
+   userBalances[msg.sender] += msg.value;

    if (likes[liked][msg.sender]) {
        matches[msg.sender].push(liked);
        matches[liked].push(msg.sender);
        emit Matched(msg.sender, liked);
        matchRewards(liked, msg.sender);
    }
}
```
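A regression test for the mitigation, added here as an example and not part of the original submission or the DatingDapp code base. It assumes the fix above has been applied, that `userBalances` is a public mapping (so Foundry can read it through the auto-generated getter), and that on a match `LikeRegistry` forwards the pooled balances minus the fee to the new multisig, leaving only the fee in the contract; `_like` is a helper defined here, not a project function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "forge-std/Test.sol";
import "../src/SoulboundProfileNFT.sol";
import "../src/LikeRegistry.sol";

// Run with: forge test --mt testOwnerCanWithdrawFeesAfterMatch -vv
// (only meaningful after userBalances[msg.sender] += msg.value is added to likeUser)
contract LikeRegistryFeesTest is Test {
    SoulboundProfileNFT soulboundNFT;
    LikeRegistry likeRegistry;

    address alice = makeAddr("alice");
    address bob = makeAddr("bob");
    address owner = makeAddr("owner");

    function setUp() public {
        vm.startPrank(owner);
        soulboundNFT = new SoulboundProfileNFT();
        likeRegistry = new LikeRegistry(address(soulboundNFT));
        vm.stopPrank();

        vm.prank(alice);
        soulboundNFT.mintProfile("Alice", 25, "ipfs://profileImage");
        vm.prank(bob);
        soulboundNFT.mintProfile("Bob", 25, "ipfs://profileImage");

        vm.deal(alice, 10 ether);
        vm.deal(bob, 10 ether);
    }

    // Helper (example-only): `from` likes `to`, paying the 1 ETH minimum
    function _like(address from, address to) internal {
        vm.prank(from);
        likeRegistry.likeUser{value: 1 ether}(to);
    }

    function testLikeCreditsUserBalance() public {
        _like(alice, bob);
        // With the fix, the 1 ETH Alice sent is tracked under her address
        // (assumes userBalances is public)
        assertEq(likeRegistry.userBalances(alice), 1 ether);
    }

    function testOwnerCanWithdrawFeesAfterMatch() public {
        _like(alice, bob);
        _like(bob, alice); // match: balances are pooled, the fee is taken, rewards go to the multisig

        // Assumption: after rewards are forwarded, only the fee is left in LikeRegistry
        uint256 feesHeld = address(likeRegistry).balance;
        assertGt(feesHeld, 0, "no fee recorded on match");
        assertLt(feesHeld, 2 ether, "rewards were not forwarded");

        uint256 ownerBefore = owner.balance;
        vm.prank(owner);
        likeRegistry.withdrawFees(); // no longer reverts with "No fees to withdraw"

        assertEq(owner.balance - ownerBefore, feesHeld);
        // If the credit were placed after the match check, Bob's 1 ETH would still be stuck here
        assertEq(address(likeRegistry).balance, 0);
    }
}
```

The final `assertEq(address(likeRegistry).balance, 0)` is what distinguishes the two placements of the credit: with the update after `matchRewards()`, the ETH paid by the user who completes the match is never pooled, so it remains in the contract after the owner has withdrawn the fee.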
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
