DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Valid

All funds are stuck in the LikeRegistry contract

Summary

All funds sent to the LikeRegistry contract are stuck in the contract because user balances are stored incorrectly.

Vulnerability Details

In the LikeRegistry contract, userBalances is not updated when a user sends ETH to the contract (either via the likeUser function or by sending ETH directly to the contract address). There are only 2 ways to withdraw funds from the contract:

  1. If 2 users match, their balances are sent to the MultiSigWallet contract

  2. The owner can withdraw fees

In both cases the value to send is calculated from the values stored in the userBalances mapping, and since those values are always 0, no funds are actually sent anywhere.
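The accounting failure described above, reproduced as an added Foundry test against a constructed, simplified model (not the audited LikeRegistry code and not part of the original submission). RegistryModel, creditDeposits and sink are hypothetical names; profile NFT checks, fees and the MultiSigWallet are left out, and the payout is assumed to be the plain sum of both balances.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";
// Constructed, simplified model of the accounting in the finding; NOT the audited contract.
// NFT checks, fees and the MultiSigWallet are omitted; `sink` is a hypothetical payout target.
contract RegistryModel {
    mapping(address => uint256) public userBalances;
    mapping(address => mapping(address => bool)) public likes;
    bool public immutable creditDeposits; // false: as in the finding, true: recommended fix
    address payable public immutable sink;

    constructor(bool credit, address payable payoutSink) { creditDeposits = credit; sink = payoutSink; }

    function likeUser(address liked) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        if (creditDeposits) userBalances[msg.sender] += msg.value;
        likes[msg.sender][liked] = true;
        if (!likes[liked][msg.sender]) return;
        // On a match the payout is derived from userBalances only (assumed: plain sum).
        uint256 total = userBalances[liked] + userBalances[msg.sender];
        userBalances[liked] = 0;
        userBalances[msg.sender] = 0;
        (bool ok,) = sink.call{value: total}("");
        require(ok, "payout failed");
    }
}

contract StuckFundsTest is Test {
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");
    address payable sink = payable(makeAddr("sink"));

    // Deploys a fresh model and has alice and bob like each other with 1 ETH each.
    function _mutualLike(bool credit) internal returns (RegistryModel reg) {
        reg = new RegistryModel(credit, sink);
        vm.deal(alice, 1 ether);
        vm.deal(bob, 1 ether);
        vm.prank(alice);
        reg.likeUser{value: 1 ether}(bob);
        vm.prank(bob);
        reg.likeUser{value: 1 ether}(alice);
    }

    function test_depositsLeaveOnlyWhenCredited() public {
        RegistryModel buggy = _mutualLike(false);
        assertEq(address(buggy).balance, 2 ether); // both deposits stuck
        assertEq(sink.balance, 0);
        RegistryModel patched = _mutualLike(true);
        assertEq(address(patched).balance, 0);
        assertEq(sink.balance, 2 ether);
    }
}
```

The same balance-versus-ledger comparison works as a regression check on any contract that pays out from an internal mapping rather than from its own ETH balance.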

Impact

All funds are stuck in the contract.

Tools Used

Manual review

Recommendations

Update userBalances values when a user calls likeUser or just sends eth to the contract:

function likeUser(address liked) external payable {
require(msg.value >= 1 ether, "Must send at least 1 ETH");
require(!likes[msg.sender][liked], "Already liked");
require(msg.sender != liked, "Cannot like yourself");
require(profileNFT.profileToToken(msg.sender) != 0, "Must have a profile NFT");
require(profileNFT.profileToToken(liked) != 0, "Liked user must have a profile NFT");
+ userBalances[msg.sender] += msg.value;
likes[msg.sender][liked] = true;
emit Liked(msg.sender, liked);
// Check if mutual like
if (likes[liked][msg.sender]) {
matches[msg.sender].push(liked);
matches[liked].push(msg.sender);
emit Matched(msg.sender, liked);
matchRewards(liked, msg.sender);
}
}
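Review bot: the added line userBalances[msg.sender] += msg.value; credits deposits only inside likeUser, while the recommendation text also covers ETH sent straight to the contract address. Nothing in this snippet handles a plain transfer, so that path would still leave funds uncredited. Either show the receive handler that credits the sender as well, or have the contract reject plain transfers so every deposit goes through likeUser. It is also worth stating that the credit sits before the matchRewards call on purpose, since the payout reads userBalances for both users.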
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_likeUser_no_userBalances_updated

Likelihood: High, always. Impact: High, loss of funds
