Stuck Funds. User balance not being saved in likeUser()
Summary
userBalances is not saved anywhere, resulting in a critical issue that causes funds to be stuck in the contract with no actual way of getting them out.
Vulnerability Details
https://github.com/CodeHawks-Contests/2025-02-datingdapp/blob/main/src/LikeRegistry.sol#L38-L39
In function likeUser the balance of the user is not saved anywhere (like userBalances for example). This leads to couple critical issues in function matchRewards:
https://github.com/CodeHawks-Contests/2025-02-datingdapp/blob/main/src/LikeRegistry.sol#L50-L67
- userBalancesof both users will always be 0, meaning even if funds were added they won't be accounted for: resulting in Stuck Funds.
- This will lead to totalRewards always being 0 too, essentially breaking a core functionality of the contract (having a pool of total rewards that both users can access), because even though the matchRewards function will succeed, the total pool of rewards that is supposed to be used in the MultiSig Wallet will always be 0, making the whole project unusable.
- Finally, because of the previously mentioned problems, matchingFees will also be 0, meaning that besides funds getting stuck, leading to problems with core functionalities, the protocol will not make any money from fees, potentially losing money for the owner of DatingDapp in running expenses.
Impact
Critical. The balance is not saved resulting in Stuck Funds, broken core functionality, contract not making money.
Tools Used
Manual Review.
Recommendations
Implement a way to save the balance of the users in function likeUser.
Example:
Appeal created
finding_likeUser_no_userBalances_updated
Likelihood: High, always. Impact: High, loss of funds
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.