Unused Like Struct in LikeRegistry Leading to Inefficient Data Management
Summary
The LikeRegistry contract defines a Like struct intended to store information about each interaction, including the liker’s address, the liked address, and a timestamp. However, the contract does not actually use this struct anywhere in its logic, making it redundant. As a result, while the struct is declared, it serves no functional purpose, leading to inefficient storage management and potential confusion for developers maintaining the contract.
Vulnerability Details
A struct is typically used to organize and store related data efficiently, allowing for easy access and manipulation. The Like struct in this contract is defined with fields for tracking the liker, liked user, and timestamp. However, in the current implementation, likeUser() does not instantiate or store instances of this struct. Instead, interactions are managed through other mappings or separate variables, leaving the Like struct completely unused.
Since Solidity storage is expensive, defining a struct without utilizing it contributes to unnecessary complexity in the contract without adding any value. The presence of an unused struct may also cause confusion for developers and auditors, as it suggests that functionality related to this struct was either planned but never implemented or has been removed in past iterations of the contract.
Impact
The existence of an unused struct increases code complexity and can mislead developers into believing that its fields are actively used when they are not. Additionally, the absence of proper struct usage may indicate that critical tracking logic is missing, potentially leading to inconsistencies in how the contract handles interactions. If the struct was originally intended to store transaction details but was never integrated into the logic, then the contract may be failing to track interactions properly, which could lead to issues with matching, fund allocation, or record-keeping.
Tools Used
Manual Audit
Recommendations
To resolve this issue, the contract should either integrate the Like struct into its logic or remove it entirely if it is not needed. If the struct is meant to be used for tracking interactions, the likeUser() function should properly instantiate and store Like objects in a mapping.
Appeal created
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.