Funds are not returned to the user if the other user does not like their profile.
Summary
When a user (user A) likes another profile (user B), they pay 1 ETH to like the user which goes to the contract. In case user B does not like user A in return, user A is not returned the 1 ETH.
Vulnerability Details
When a user (user A) likes another profile (user B), they pay 1 ETH to like the user which goes to the contract. In case user B does not like user A in return, user A is not returned the 1 ETH. There is no mechanism that allows the funds to be returned to the user if the other party does not like them.
Impact
A user who likes a user loses their money when liking someone who does not like them back.
Tools Used
N/A
Recommendations
Only make the transfer of the 1 ETH from each user after both users have liked each other
Appeal created
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.