DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: low
Invalid

Unbounded Storage Growth in SoulboundProfileNFT Leading to Unexpected High Gas Costs

Summary

The SoulboundProfileNFT contract does not impose any restrictions on the length of its storage arrays, leading to unbounded growth as more participants are added. Over time, this excessive storage expansion can significantly increase gas costs, especially when operations require iterating over large datasets. Additionally, the contract does not limit the length of string data stored on-chain, further exacerbating the storage inefficiency and making transactions increasingly expensive.

Vulnerability Details

As more users mint profiles, the contract continuously appends data to storage arrays without enforcing a maximum length. Since blockchain storage is expensive and every read or write operation consumes gas, a continuously growing array will eventually lead to unsustainable gas fees when operations such as iteration, filtering, or batch processing are required.

Furthermore, string inputs such as name and other profile-related data are stored without length constraints. This allows users to submit excessively long strings, further bloating on-chain storage and increasing the cost of interacting with the contract. Since Ethereum imposes limits on transaction gas, this unbounded growth can eventually make certain operations prohibitively expensive or even cause them to fail due to gas limits.

Another issue is that inactive accounts or profiles without any financial activity remain stored indefinitely, further increasing storage consumption over time. Without a mechanism to clean up unused data, the contract risks becoming inefficient, leading to increasing operational costs for all users.

Impact

The lack of storage limitations directly leads to excessive gas costs, making transactions involving profile retrieval, iteration, or updates increasingly expensive. Over time, users may face failed transactions due to gas limits, restricting the contract's usability. Additionally, excessive storage consumption can negatively impact the scalability of the contract, making it less viable for long-term usage.

Tools Used

Manual Audit

Recommendations

To mitigate these issues, the contract should implement strategies to optimize storage usage and prevent unnecessary data accumulation. First, only essential information should be stored on-chain, while non-critical data such as profile descriptions and images should be stored off-chain using decentralized storage solutions like IPFS or Arweave. This reduces on-chain storage costs while maintaining accessibility.

Additionally, string inputs should have enforced length restrictions to prevent excessive data storage. This can be implemented by validating the byte length of each string on input, or by using a fixed-size bytesN type instead of string, which caps the stored length and optimizes gas efficiency.

To address the issue of inactive accounts, the contract should introduce an expiration or cleanup mechanism. Profiles that remain inactive for an extended period or do not receive any transactions should be automatically removed or archived. This can be done through a periodic pruning process, where inactive accounts are flagged and removed unless reactivated by the user.

By implementing these optimizations, the contract can ensure sustainable storage management, reducing long-term gas costs and maintaining operational efficiency.
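The following contract is an added illustration of the recommendations above (bounded string lengths, an off-chain content hash instead of on-chain media, and a pruning path for inactive profiles). It is not the DatingDapp SoulboundProfileNFT code; the struct layout, constants, function names and the one-year inactivity window are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical profile store with bounded inputs. Added example only; not the
/// project's contract. Names, caps and the inactivity period are assumptions.
contract BoundedProfileStorage {
    // Hard caps on user-supplied data. 32 bytes lets a name fit one storage
    // slot; 140 bytes bounds a short bio. Both values are illustrative.
    uint256 public constant MAX_NAME_BYTES = 32;
    uint256 public constant MAX_BIO_BYTES = 140;
    // Profiles idle for this long may be pruned by anyone (assumption).
    uint256 public constant INACTIVITY_PERIOD = 365 days;

    struct Profile {
        string name;        // length checked against MAX_NAME_BYTES
        string bio;         // length checked against MAX_BIO_BYTES
        bytes32 imageDigest; // hash of off-chain content (e.g. an IPFS CID digest), not the image
        uint64 lastActive;  // last interaction timestamp, drives pruning
    }

    // Lookup by address: no unbounded address array that callers must iterate.
    mapping(address => Profile) private profiles;
    uint256 public profileCount;

    error EmptyName();
    error NameTooLong(uint256 length);
    error BioTooLong(uint256 length);
    error ProfileExists();
    error NoProfile();
    error StillActive();

    function mintProfile(string calldata name, string calldata bio, bytes32 imageDigest) external {
        if (bytes(profiles[msg.sender].name).length != 0) revert ProfileExists();
        _checkBounds(name, bio);
        profiles[msg.sender] = Profile(name, bio, imageDigest, uint64(block.timestamp));
        profileCount += 1;
    }

    function updateProfile(string calldata name, string calldata bio, bytes32 imageDigest) external {
        Profile storage p = profiles[msg.sender];
        if (bytes(p.name).length == 0) revert NoProfile();
        _checkBounds(name, bio);
        p.name = name;
        p.bio = bio;
        p.imageDigest = imageDigest;
        p.lastActive = uint64(block.timestamp);
    }

    /// Clears a profile that has been idle longer than INACTIVITY_PERIOD.
    /// Deleting the struct zeroes its slots, which also earns a partial gas refund.
    function pruneInactive(address user) external {
        Profile storage p = profiles[user];
        if (bytes(p.name).length == 0) revert NoProfile();
        if (block.timestamp < uint256(p.lastActive) + INACTIVITY_PERIOD) revert StillActive();
        delete profiles[user];
        profileCount -= 1;
    }

    function getProfile(address user) external view returns (Profile memory) {
        return profiles[user];
    }

    // Reject oversized input before any storage write happens.
    function _checkBounds(string calldata name, string calldata bio) internal pure {
        uint256 n = bytes(name).length;
        if (n == 0) revert EmptyName();
        if (n > MAX_NAME_BYTES) revert NameTooLong(n);
        uint256 b = bytes(bio).length;
        if (b > MAX_BIO_BYTES) revert BioTooLong(b);
    }
}
```

The length checks run on calldata before the first SSTORE, so an oversized submission reverts without paying for storage. Keying profiles by address rather than pushing into an array keeps every read and write O(1); if enumeration is genuinely needed, it belongs in off-chain indexing of emitted events rather than in an on-chain loop.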

Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
