It was observed that when the owner blocks a user, the blockuser() function does not check whether the user has a balance in the contract. It deletes the user directly, without checking for and sending back that user's balance, which leaves the blocked user's balance stuck in the contract forever. Also, nobody else can like that person, because the profile gets deleted in the blockProfile() function.
The blockProfile() function deletes the user without checking whether that user has an outstanding balance in the contract, and deleting the user directly leaves the user's balance stuck in the contract forever. As a result, neither the user nor the owner of the contract can withdraw the funds: because of `delete profileToToken[blockAddress];` and `delete _profiles[tokenId];`, other users can't like the blocked user, the multisig wallet will not get created, and the blocked user's funds are stuck in the contract forever.
Blocked users' balances become unrecoverable.
Tools Used.
Users may lose trust in the platform due to unfair fund losses and blocked interactions.
Add this in the code with a reentrancy guard modifier.
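One way the recommendation above could look, as an added sketch that is neither the audited contract nor the submitter's patch. Only `blockProfile`, `profileToToken`, `_profiles`, `blockAddress` and `tokenId` come from the finding; `userBalances`, `pendingRefunds`, `mintProfile`, `claimRefund` and the hand-written guard are assumed names. It also covers a case the finding does not mention: a recipient that rejects the refund must not be able to make the block itself revert.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Added sketch, not the audited contract; names not in the finding are assumptions.
contract BlockWithRefundSketch {
    struct Profile { string name; }
    address public immutable owner;
    uint256 private _nextTokenId = 1;
    bool private _entered;
    mapping(address => uint256) public profileToToken;
    mapping(uint256 => Profile) private _profiles;
    mapping(address => uint256) public userBalances;   // assumed: ETH held per user
    mapping(address => uint256) public pendingRefunds; // refunds whose push failed

    constructor() { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier nonReentrant() { // minimal guard standing in for a library modifier
        require(!_entered, "reentrant call");
        _entered = true;
        _;
        _entered = false;
    }

    function mintProfile(string calldata name) external payable { // assumed entry point
        require(profileToToken[msg.sender] == 0, "profile exists");
        uint256 tokenId = _nextTokenId++;
        profileToToken[msg.sender] = tokenId;
        _profiles[tokenId].name = name;
        userBalances[msg.sender] += msg.value;
    }

    // Settle the balance before the profile records are deleted.
    function blockProfile(address blockAddress) external onlyOwner nonReentrant {
        uint256 tokenId = profileToToken[blockAddress];
        require(tokenId != 0, "no profile");
        uint256 refund = userBalances[blockAddress];
        userBalances[blockAddress] = 0; // effects before the external call
        delete profileToToken[blockAddress];
        delete _profiles[tokenId];
        if (refund == 0) return;
        (bool ok, ) = payable(blockAddress).call{value: refund}("");
        if (!ok) pendingRefunds[blockAddress] += refund; // recipient rejected ETH
    }

    function claimRefund() external nonReentrant {
        uint256 amount = pendingRefunds[msg.sender];
        pendingRefunds[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "claim failed");
    }
}
```

Zeroing `userBalances` before the external call keeps the refund safe even without the guard; the guard is the defense in depth the recommendation asks for.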
Likelihood: Low, burning with money in it would be a user mistake, and being blocked is Low. Impact: High, loss of funds