DatingDapp

First Flight #33
Tags: Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

Lack of update of the userBalances mapping leads to an accounting mismatch

Summary

Vulnerability Details

The likeUser function in LikeRegistry.sol requires users to send at least 1 ETH but never updates the userBalances mapping. As a result:

  • User balances (userBalances[msg.sender]) remain at 0 despite the ETH transfer.

  • During matchRewards, totalRewards is calculated as 0 + 0 = 0, leading to no rewards for matched users.

  • Fees (matchingFees) are deducted from 0, resulting in 0 fees collected.

Proof of Concept

  1. Alice calls likeUser(liked: Bob) with 1 ETH.

  2. userBalances[Alice] remains 0 (not updated).

  3. Bob later likes Alice, triggering matchRewards.

  4. totalRewards = 0 + 0 = 0; rewards = 0 - (0 * 10%) = 0.

  5. A multisig is deployed with 0 ETH, rendering the match worthless.

Impact

  • Users permanently lose ETH sent to likeUser with no mechanism to recover funds.

  • The protocol fails to distribute rewards, breaking core functionality and eroding user trust.

Tools Used

Manual review

Recommendations

Track ETH in userBalances:

```solidity
function likeUser(address liked) external payable {
    require(msg.value >= 1 ether, "Must send at least 1 ETH");
    userBalances[msg.sender] += msg.value; // Track ETH
    // Rest of the code...
}
```
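To make the mismatch concrete, the Foundry test below is an added example (not the project's LikeRegistry.sol or its test suite). It uses a constructed, minimal reduction of the like/match/reward flow described above: profile-NFT checks are omitted, the per-match multisig is replaced by a plain ETH holder contract, and a constructor flag switches between the vulnerable path (balances never tracked) and the recommended fix (userBalances[msg.sender] += msg.value). The contract, contract names, the 10% FIXEDFEE and the Alice/Bob addresses are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed reduction of the accounting logic in the finding; not the project's code.
contract MiniLikeRegistry {
    uint256 public constant FIXEDFEE = 10; // 10% matching fee, matching the finding's arithmetic
    bool public immutable trackBalances;   // false = vulnerable variant, true = fixed variant

    mapping(address => mapping(address => bool)) public likes;
    mapping(address => uint256) public userBalances;
    uint256 public totalFees;
    address public lastMultisig;

    constructor(bool _trackBalances) {
        trackBalances = _trackBalances;
    }

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        require(msg.sender != liked, "Cannot like yourself");
        require(!likes[msg.sender][liked], "Already liked");

        if (trackBalances) {
            userBalances[msg.sender] += msg.value; // the line the finding says is missing
        }
        likes[msg.sender][liked] = true;

        // A mutual like pays out the match
        if (likes[liked][msg.sender]) {
            matchRewards(liked, msg.sender);
        }
    }

    function matchRewards(address from, address to) internal {
        uint256 totalRewards = userBalances[from] + userBalances[to];
        userBalances[from] = 0;
        userBalances[to] = 0;
        uint256 matchingFees = (totalRewards * FIXEDFEE) / 100;
        uint256 rewards = totalRewards - matchingFees;
        totalFees += matchingFees;

        // Stand-in for the per-match multisig: a fresh contract that only receives ETH
        RewardHolder holder = new RewardHolder();
        lastMultisig = address(holder);
        (bool ok,) = address(holder).call{value: rewards}("");
        require(ok, "Transfer failed");
    }
}

contract RewardHolder {
    receive() external payable {}
}

contract UserBalancesTest is Test {
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    // Alice likes Bob, then Bob likes Alice; the second call triggers matchRewards
    function _mutualLike(MiniLikeRegistry reg) internal {
        vm.deal(alice, 1 ether);
        vm.deal(bob, 1 ether);
        vm.prank(alice);
        reg.likeUser{value: 1 ether}(bob);
        vm.prank(bob);
        reg.likeUser{value: 1 ether}(alice);
    }

    function test_vulnerable_multisigIsEmptyAndEthIsStranded() public {
        MiniLikeRegistry reg = new MiniLikeRegistry(false);
        _mutualLike(reg);
        assertEq(reg.lastMultisig().balance, 0);  // match pays out nothing
        assertEq(reg.totalFees(), 0);             // and no fee is recorded
        assertEq(address(reg).balance, 2 ether);  // the 2 ETH sit in the registry, unaccounted for
    }

    function test_fixed_rewardsAndFeesAreAccounted() public {
        MiniLikeRegistry reg = new MiniLikeRegistry(true);
        _mutualLike(reg);
        assertEq(reg.lastMultisig().balance, 1.8 ether); // 2 ETH minus the 10% fee
        assertEq(reg.totalFees(), 0.2 ether);
        assertEq(address(reg).balance, 0.2 ether);       // only the fee remains in the registry
    }
}
```

Running `forge test` against this file shows the two outcomes side by side: in the vulnerable variant the registry's ETH balance grows while userBalances, totalFees and the multisig all stay at zero, which is exactly the accounting mismatch the finding describes; adding the one balance-tracking line is enough to make rewards and fees reconcile with the ETH actually received.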

Updates

Appeal created

n0kto Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
