Submission Details
Severity:
Missing functionalitiy for unlike the user or liked one in `LikeRegistry` contract.
Descriptio
There is function for like the user to make a match. But what if the `user` liked will not like the `user` who liked him/her. This will cost the `liker` `1 ETH`, if the user don't like reverse then `1 ETH` will be locked in contract, And there is no function to unlike the `user` and get the `fund`.
Impact
User fund will be locked for infinite time if the user don't like as same as the liker did.
Proof of Concept
Add this function in `testLikeRegistry.t.sol` file after making `test` file
Proof Of Code:
Test the `testUserFundWillLockedForInfiniteTime` function.
```javascript
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import {Test} from "forge-std/Test.sol";
import {LikeRegistry} from "../src/LikeRegistry.sol";
import {SoulboundProfileNFT} from "../src/SoulboundProfileNFT.sol";
contract testLikeRegistry is Test {
LikeRegistry likeRegistry;
SoulboundProfileNFT profileNFT;
address user1 = makeAddr("user1");
address user2 = makeAddr("user2");
address owner = makeAddr("owner");
function setUp() public {
vm.startPrank(owner);
profileNFT = new SoulboundProfileNFT();
likeRegistry = new LikeRegistry(address(profileNFT));
vm.stopPrank();
vm.deal(user1, 10 ether);
vm.deal(user2, 10 ether);
}
function testLikeUser() public {
vm.prank(user1);
profileNFT.mintProfile("Alice", 25, "ipfs://profileImage");
vm.prank(user2);
profileNFT.mintProfile("Bob", 25, "ipfs://profileImage");
vm.prank(user1);
likeRegistry.likeUser{value: 1 ether}(user2);
assertTrue(likeRegistry.likes(user1, user2), "User1 should like User2");
}
function testUserCanLikeBySendingMoreUnnesseseryETH() public {
vm.prank(user1);
profileNFT.mintProfile("Alice", 25, "ipfs://profileImage");
vm.prank(user2);
profileNFT.mintProfile("Bob", 25, "ipfs://profileImage");
vm.prank(user1);
likeRegistry.likeUser{value: 9 ether}(user2);
assertEq(address(likeRegistry).balance, 9 ether);
}
function testUserFundWillLockedForInfiniteTime() public {
vm.prank(user1);
profileNFT.mintProfile("Alice", 25, "ipfs://profileImage");
vm.prank(user2);
profileNFT.mintProfile("Bob", 25, "ipfs://profileImage");
vm.prank(user1);
likeRegistry.likeUser{value: 1 ether}(user2);
//There is no options or function to unlike user2.
}
function testUserFundsAreNotUpdated() public {
vm.prank(user1);
profileNFT.mintProfile("Alice", 25, "ipfs://profileImage");
vm.prank(user2);
profileNFT.mintProfile("Bob", 25, "ipfs://profileImage");
vm.prank(user1);
likeRegistry.likeUser{value: 1 ether}(user2);
assertEq(likeRegistry.userBalances(user1), 0, "User1 balance should be 0");
assertEq(likeRegistry.userBalances(user2), 0, "User2 balance should be 0");
assertEq(address(likeRegistry).balance, 1 ether);
}
}
```
Recommended Mitigation
Developer should implement appropriate functionality for unlike another user.
Updates
Appeal created
n0kto 6 months ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
gaurangbrdv
6 months ago
n0kto
6 months ago
n0kto 6 months ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
nSLOC
197This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.