DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Severity: low
Invalid

Unused timestamp Field in Like Struct Leading to Redundant Data Storage

Summary

The LikeRegistry contract includes a timestamp field in the Like struct, which is intended to record the time when likeUser() is executed. However, there is no logic within the contract that utilizes this timestamp for any conditions, validations, or processing. As a result, the stored data serves no functional purpose, leading to unnecessary storage consumption and an inefficient contract design.

Vulnerability Details

The presence of a timestamp field in the Like struct suggests that the contract was originally designed to track when a likeUser() transaction occurs. Typically, such a field would be used to enforce time-based conditions, such as expiration periods, delays, or dispute resolutions. However, in its current state, the contract does not reference or utilize this timestamp in any way.

Since Solidity storage is costly, maintaining unused variables increases gas costs without providing any benefit. Every time a Like struct is instantiated, an unnecessary value is written to contract storage, resulting in long-term inefficiencies. Additionally, if developers intended to use this timestamp for future updates, its absence in existing logic means that those conditions remain unimplemented, potentially leading to incomplete functionality.

Impact

The inclusion of an unused timestamp field increases gas consumption for no practical reason. Every likeUser() transaction requires additional storage space, making interactions more expensive while providing no added functionality. If future contract updates rely on this timestamp but fail to include the necessary logic, users may face inconsistencies or unexpected behavior. Additionally, leaving unused fields in the contract may create confusion for auditors and developers, leading to maintenance difficulties and potential errors in later modifications.

Tools Used

Manual Audit

Recommendations

To address this issue, the contract should either implement logic that actively utilizes the timestamp field or remove it entirely if it is not needed. If timestamps are intended to be used for enforcing conditions, the contract should introduce relevant checks within likeUser() and other related functions. For example, timestamps could be used to enforce expiration periods, prevent rapid repeated interactions, or establish chronological order in processing transactions.

A possible patch for integrating timestamp logic could involve enforcing a delay between consecutive likes from the same user or setting an expiration time for unreciprocated likes.
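
The two options named above (a delay between consecutive likes from the same user, and an expiry for unreciprocated likes), as an added Solidity sketch that is not the DatingDapp LikeRegistry source or the submitter's patch. The contract name, constants, mappings, events and errors are assumptions, and a single timestamp mapping stands in for the Like struct.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration only: not the DatingDapp LikeRegistry source.
// Contract name, constants, mappings, events and errors are assumptions.
contract TimestampedLikes {
    uint256 public constant LIKE_COOLDOWN = 1 minutes; // assumed value
    uint256 public constant LIKE_TTL = 30 days;        // assumed value

    // liker => liked => time of the like (0 = no like recorded)
    mapping(address => mapping(address => uint256)) public likedAt;
    // liker => time of that address's most recent like
    mapping(address => uint256) public lastLikeAt;

    event Liked(address indexed liker, address indexed liked, uint256 timestamp);
    event Matched(address indexed a, address indexed b);

    error CooldownActive(uint256 retryAt);
    error AlreadyLiked();
    error InvalidTarget();

    function likeUser(address liked) external {
        if (liked == address(0) || liked == msg.sender) revert InvalidTarget();

        // Delay between consecutive likes from the same user.
        uint256 last = lastLikeAt[msg.sender];
        if (last != 0 && block.timestamp < last + LIKE_COOLDOWN) {
            revert CooldownActive(last + LIKE_COOLDOWN);
        }
        // A still-valid like cannot be repeated; an expired one can be renewed.
        if (isActive(msg.sender, liked)) revert AlreadyLiked();

        likedAt[msg.sender][liked] = block.timestamp;
        lastLikeAt[msg.sender] = block.timestamp;
        emit Liked(msg.sender, liked, block.timestamp);

        // Only an unexpired like from the other side counts as reciprocation.
        if (isActive(liked, msg.sender)) emit Matched(msg.sender, liked);
    }

    // A like is active if it exists and is no older than LIKE_TTL.
    function isActive(address liker, address liked) public view returns (bool) {
        uint256 t = likedAt[liker][liked];
        return t != 0 && block.timestamp <= t + LIKE_TTL;
    }
}
```

block.timestamp is set by the block proposer and can drift by a few seconds, which is tolerable for minute- and day-scale windows like these.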

Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
