DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

ETH Payments Not Tracked in userBalances

Summary

The likeUser function in LikeRegistry.sol does not credit sent ETH to the sender's userBalances, causing all user funds to be permanently locked in the contract.

Vulnerability Details

In LikeRegistry.sol, when a user sends 1 ETH via likeUser, the ETH is stored in the contract's balance, but no code updates userBalances[msg.sender]. Consequently, during mutual matches (matchRewards), the calculation uses userBalances[from] and userBalances[to], which remain at 0. This results in 0 ETH being sent to the multisig wallet, while the actual ETH remains stuck in LikeRegistry.

Affected Code:

// LikeRegistry.sol
function likeUser(address liked) external payable {
    require(msg.value >= 1 ether, "Must send at least 1 ETH");
    // Missing: userBalances[msg.sender] += msg.value;
    ...
}

Impact

All ETH sent by users is irrecoverably locked in the contract. Matched users receive no funds, violating the core protocol logic.

Tools Used

Manual code audit.

Recommendations

Add the following line to likeUser to track payments:

userBalances[msg.sender] += msg.value;

Updates

Appeal created

n0kto (Lead Judge), 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
