DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Invalid

Funds Locked for Unmatched Users


Summary

Users who send ETH to like someone but never receive a like in return will have their funds permanently locked in the contract. The current implementation only distributes funds when a match occurs (matchRewards), but there is no function allowing an unmatched user to withdraw their ETH.

Impact

  • Unmatched users lose their funds permanently.

  • Reduces user trust in the protocol.

  • Creates an unfair system where users pay to participate but might never get their funds back.

Recommendation

Introduce a withdrawal function that allows users to reclaim their funds if they remain unmatched after a certain period.

Code

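    function withdrawUnmatchedFunds() external {
        // Only users with no recorded match may reclaim their deposit.
        require(matches[msg.sender].length == 0, "Matched users cannot withdraw");
        // timePeriodOfMatched and depositionTime are assumed state variables.
        // The refund opens only once the waiting period since the deposit has elapsed.
        require(block.timestamp - depositionTime >= timePeriodOfMatched, "Waiting period not over");
        uint256 balance = userBalances[msg.sender];
        require(balance > 0, "No funds to withdraw");
        // Zero the balance before the external call so a reentrant call finds nothing to withdraw.
        userBalances[msg.sender] = 0;
        (bool success, ) = payable(msg.sender).call{value: balance}("");
        require(success, "Withdraw failed");
    }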
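
An added sketch, not part of the submission and not DatingDapp's code, of the bookkeeping a timed refund like the one recommended above depends on: a per-user balance and a per-user deposit timestamp recorded at the moment of the like. The contract name, `like`, `REFUND_DELAY`, `lastDepositAt`, `isMatched` and `likes` are hypothetical, and the match payout path is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative escrow only; every name except userBalances and
/// withdrawUnmatchedFunds is hypothetical.
contract LikeEscrowSketch {
    uint256 public constant REFUND_DELAY = 30 days; // assumed waiting period

    mapping(address => uint256) public userBalances;  // ETH escrowed per user
    mapping(address => uint256) public lastDepositAt; // time of the latest deposit
    mapping(address => bool) public isMatched;        // set once a mutual like occurs
    mapping(address => mapping(address => bool)) public likes;

    event Refunded(address indexed user, uint256 amount);

    function like(address liked) external payable {
        require(msg.value > 0, "No ETH sent");
        require(liked != msg.sender, "Cannot like yourself");
        require(!likes[msg.sender][liked], "Already liked");
        likes[msg.sender][liked] = true;
        // Record both the amount and the time; the refund check needs each per user.
        userBalances[msg.sender] += msg.value;
        lastDepositAt[msg.sender] = block.timestamp;
        if (likes[liked][msg.sender]) {
            // Mutual like: both balances now belong to the match payout path.
            isMatched[msg.sender] = true;
            isMatched[liked] = true;
        }
    }

    function withdrawUnmatchedFunds() external {
        require(!isMatched[msg.sender], "Matched users cannot withdraw");
        require(
            block.timestamp - lastDepositAt[msg.sender] >= REFUND_DELAY,
            "Refund delay not elapsed"
        );
        uint256 balance = userBalances[msg.sender];
        require(balance > 0, "No funds to withdraw");
        userBalances[msg.sender] = 0; // effects before the external call
        emit Refunded(msg.sender, balance);
        (bool success, ) = payable(msg.sender).call{value: balance}("");
        require(success, "Withdraw failed");
    }
}
```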
Updates

Appeal created

n0kto Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc.) to prove your point.
