DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: low
Invalid

No function in the `LikeRegistry.sol` contract lets a user withdraw funds if nobody likes the user or the user is no longer interested

Summary

In the `LikeRegistry.sol` contract there is no function a user can call if they are not liked back, or are no longer interested in using the protocol or in the user they liked. The user's funds are stuck in the contract forever; even the contract owner cannot withdraw the funds from the contract.

Vulnerability Details

Observe that liking another user requires 1 Ether, according to the `likeUser` function of the `LikeRegistry.sol` contract:

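```solidity
function likeUser(address liked) external payable {
    // A like is only accepted with a deposit of at least 1 ETH.
    require(msg.value >= 1 ether, "Must send at least 1 ETH");
    // ... rest of the function not shown in this report
}
```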

But there is no functionality that lets a user who paid 1 Ether and is not liked back withdraw their funds from the contract. Even the admin cannot remove the funds and send them back to the affected user, which leaves the funds stuck in the contract forever.

Impact

  1. Users' funds getting stuck leads to a loss of trust in the protocol.

Tools Used

Manual Method

Recommendations

Add a function that lets the user safely withdraw their funds in this situation.
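One way such a withdrawal path could look, as an added sketch that is not the DatingDapp code or part of the original submission. Only `likeUser` and its 1 ETH check come from the report; the `escrow` and `matched` mappings, the events, the extra checks and `withdrawLike` are assumptions made for illustration, and what happens to escrowed ETH after a match is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch, not the DatingDapp LikeRegistry: the storage layout and
// every name other than likeUser are assumptions made for this example.
contract LikeRegistryWithRefund {
    // liker => liked => ETH escrowed for that like
    mapping(address => mapping(address => uint256)) public escrow;
    // liker => liked => true once the like is mutual
    mapping(address => mapping(address => bool)) public matched;

    event Liked(address indexed liker, address indexed liked, uint256 amount);
    event LikeWithdrawn(address indexed liker, address indexed liked, uint256 amount);

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        require(liked != msg.sender, "Cannot like yourself");
        require(escrow[msg.sender][liked] == 0, "Already liked");

        // Record exactly what was paid so the same amount can be refunded.
        escrow[msg.sender][liked] = msg.value;
        emit Liked(msg.sender, liked, msg.value);

        // Mutual like: lock both deposits so neither side can pull them back.
        if (escrow[liked][msg.sender] != 0) {
            matched[msg.sender][liked] = true;
            matched[liked][msg.sender] = true;
        }
    }

    // Cancels an unreciprocated like and returns the caller's deposit.
    function withdrawLike(address liked) external {
        require(!matched[msg.sender][liked], "Already matched");
        uint256 amount = escrow[msg.sender][liked];
        require(amount != 0, "Nothing to withdraw");

        // Checks-effects-interactions: clear the balance before sending ETH,
        // so a re-entrant call finds nothing left to withdraw.
        escrow[msg.sender][liked] = 0;
        emit LikeWithdrawn(msg.sender, liked, amount);
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "Refund failed");
    }
}
```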

Updates

Appeal created

n0kto Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
