DatingDapp

First Flight #33
Beginner FriendlyFoundrySolidityNFT
100 EXP
View results
Submission Details
Severity: low
Invalid

Potential of Griefing Attack if there is a huge Imbalance in Multi-Sig Wallet Contributions

Issue

The current protocol design dictates that if two users match, their previous like payments are pooled into a shared multi-sig wallet for future dates. However, this setup introduces a scenario where one user may have significantly more ETH locked in the protocol than the other.

For example, consider Bob, who has previously liked 10 users, and Alice, who has only liked 2 users. Bob has contributed 10 ETH, while Alice has only contributed 2 ETH. When they match, the multi-sig wallet is created holding 12 ETH. Since all transactions from this wallet require both users’ approval, a griefing attack can occur if Alice refuses to approve any transactions purely out of malice. This would result in Bob’s funds being effectively locked indefinitely, causing a significant financial loss.

Impact

  • Locked Funds: The user who contributed significantly more ETH is at risk of losing access to their funds if the other party refuses to approve transactions.

  • Encourages Malicious Behavior: A user with minimal financial stake can intentionally grief the other party without any personal loss.

  • Deters Participation: Users may be hesitant to participate due to the risk of being locked out of their funds by a bad actor.

Mitigation Strategies

  1. A slashBudget function can be introduced to measure if a user has contributed significantly more ETH than the other. If the imbalance surpasses a certain threshold, the higher contributor should be able to reclaim the excess amount to maintain balance within the pool.

    function slashBudget() external {
    require(msg.sender == owner1 || msg.sender == owner2, "Not an owner");
    uint256 user1Balance = balances[user1];
    uint256 user2Balance = balances[user2];
    uint256 difference = user1Balance > user2Balance ? (user1Balance - user2Balance) : (user2Balance - user1Balance);
    if (difference > SLASH_THRESHOLD) {
    address higherContributor = user1Balance > user2Balance ? user1 : user2;
    uint256 reclaimableAmount = difference - SLASH_THRESHOLD;
    balances[higherContributor] -= reclaimableAmount;
    payable(higherContributor).transfer(reclaimableAmount);
    }
    }

    This ensures that any extreme imbalance can be mitigated by refunding excess funds to the higher contributor.

  2. Timeout-Based Exit Mechanism
    Introduce a mechanism where, if no transactions occur within a certain timeframe, either user can propose a forced withdrawal of their contributions. The counterparty must respond within a set period, or the initiator is refunded their locked funds.

  3. Arbitration System
    An off-chain arbitration mechanism can be established where disputes regarding locked funds are reviewed, and funds are fairly redistributed based on initial contributions.

By implementing safeguards such as the slashBudget function, timeout-based exits, and arbitration mechanisms, the protocol can mitigate the risk of griefing attacks and ensure a fairer experience for users contributing significantly more ETH to the shared multi-sig wallet.

Updates

Appeal created

n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.