The `likeUser` function in `LikeRegistry.sol` requires users to send 1 ETH but fails to update the `userBalances` mapping. As a result:

- User balances (`userBalances[msg.sender]`) remain at 0 despite the ETH transfer.
- During `matchRewards`, `totalRewards` is calculated as `0 + 0 = 0`, leading to no rewards for matched users.
- Fees (`matchingFees`) are deducted from 0, resulting in 0 fees collected.
1. Alice calls `likeUser(liked: Bob)` with 1 ETH.
2. `userBalances[Alice]` remains 0 (not updated).
3. Bob later likes Alice, triggering `matchRewards`.
4. `totalRewards = 0 + 0 = 0` → `rewards = 0 - (0 * 10%) = 0`.
5. A multisig is deployed with 0 ETH, rendering the match worthless.

Users permanently lose ETH sent to `likeUser` with no mechanism to recover funds. The protocol fails to distribute rewards, breaking core functionality and eroding user trust.
Manual review

Track ETH in `userBalances`:

```solidity
function likeUser(address liked) external payable {
    require(msg.value >= 1 ether, "Must send at least 1 ETH");
    userBalances[msg.sender] += msg.value; // Track ETH
    // Rest of the code...
}
```

Likelihood: High, always. Impact: High, loss of funds
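To show the whole flow the finding describes (like, reciprocal like, match, fee deduction) with the accounting line in place, here is an added, simplified illustration in Solidity. It is not the audited `LikeRegistry.sol`: the 10% fee constant, the `previewMatch` and `_matchRewards` helpers, and the replacement of the per-pair multisig deployment with a `pairRewards` pool are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative contract (not the audited LikeRegistry.sol). It demonstrates why
/// `likeUser` must credit `userBalances` before any match can pay out, and how
/// the fee arithmetic from the finding behaves once the balances are non-zero.
contract LikeRegistryExample {
    uint256 public constant FIXED_FEE = 10; // assumed: the "10%" fee mentioned in the finding
    address public immutable owner;
    uint256 public totalFees;

    mapping(address => uint256) public userBalances;            // ETH each user has paid in
    mapping(address => mapping(address => bool)) public likes;   // likes[a][b]: a has liked b
    mapping(bytes32 => uint256) public pairRewards;             // assumed stand-in for the pair's multisig

    event Matched(address indexed a, address indexed b, uint256 rewards, uint256 fee);

    constructor() {
        owner = msg.sender;
    }

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        require(liked != msg.sender, "Cannot like yourself");
        require(!likes[msg.sender][liked], "Already liked");

        // The fix from the finding: credit the ETH that just arrived. Without this
        // line every later match computes 0 + 0 and the ETH is stranded in the contract.
        userBalances[msg.sender] += msg.value;
        likes[msg.sender][liked] = true;

        // Reciprocal like: settle the match immediately.
        if (likes[liked][msg.sender]) {
            _matchRewards(msg.sender, liked);
        }
    }

    /// Pure fee arithmetic so the payout can be checked before a match happens.
    /// With 1 ETH from each side: rewards = 1.8 ETH, fee = 0.2 ETH.
    function previewMatch(uint256 balanceA, uint256 balanceB)
        public
        pure
        returns (uint256 rewards, uint256 fee)
    {
        uint256 totalRewards = balanceA + balanceB;
        fee = (totalRewards * FIXED_FEE) / 100;
        rewards = totalRewards - fee;
    }

    /// Order-independent key for a pair (assumed helper, not in the audited code).
    function pairKey(address a, address b) public pure returns (bytes32) {
        return a < b ? keccak256(abi.encodePacked(a, b)) : keccak256(abi.encodePacked(b, a));
    }

    function _matchRewards(address a, address b) internal {
        (uint256 rewards, uint256 fee) = previewMatch(userBalances[a], userBalances[b]);

        // Effects before interactions: zero both balances so a later match cannot pay twice.
        userBalances[a] = 0;
        userBalances[b] = 0;
        totalFees += fee;

        // The audited design funds a freshly deployed multisig owned by the pair;
        // this example records the reward in a joint pool instead.
        pairRewards[pairKey(a, b)] += rewards;
        emit Matched(a, b, rewards, fee);
    }

    function withdrawFees() external {
        require(msg.sender == owner, "Not owner");
        uint256 amount = totalFees;
        totalFees = 0;
        (bool ok, ) = owner.call{value: amount}("");
        require(ok, "Fee transfer failed");
    }
}
```

A useful invariant to assert in a test of the real contract is that `address(this).balance` always equals the sum of all `userBalances` plus `totalFees` plus any undistributed match pools; the bug in the finding breaks it on the very first `likeUser` call, since ETH arrives but nothing on the ledger side increases.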