DatingDapp

AI First Flight #6

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Reentrancy in `matchRewards` — No ReentrancyGuard

pratamaajip01

[HIGH] Reentrancy in `matchRewards` — No ReentrancyGuard

File: sources/2025-02-datingdapp/src/LikeRegistry.sol
Lines: 49–62

Summary

matchRewards() performs an external .call to send ETH to a newly deployed MultiSigWallet. There is no ReentrancyGuard on likeUser() or withdrawFees(). A malicious contract as a matched participant could re-enter during the ETH send.

Vulnerability Details

function matchRewards(address from, address to) internal {

userBalances[from] = 0;

userBalances[to] = 0;

// ... fee math ...

MultiSigWallet multiSigWallet = new MultiSigWallet(from, to);

(bool success,) = payable(address(multiSigWallet)).call{value: rewards}("");

// ^^^ Unprotected external call — no ReentrancyGuard

require(success, "Transfer failed");

}

PoC

contract ReentrancyAttacker {

LikeRegistry registry;

address victim;

constructor(address _registry, address _victim) {

registry = LikeRegistry(_registry);

victim = _victim;

}

receive() external payable {

// Re-enter likeUser during ETH transfer in matchRewards

if (address(registry).balance > 0) {

registry.likeUser{value: 1 ether}(victim);

}

Impact

Potential double-spend of balances in multi-step match scenarios.
Combined with the userBalances fix (Critical), reentrancy becomes a live drain vector for accumulated fees.
All ETH in the contract is at risk once userBalances is properly tracked.

Tools Used

Manual analysis
Slither reentrancy pattern detection

Recommendations

+ import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

- contract LikeRegistry is Ownable {

+ contract LikeRegistry is Ownable, ReentrancyGuard {

- function likeUser(address liked) external payable {

+ function likeUser(address liked) external payable nonReentrant {

- function withdrawFees() external onlyOwner {

+ function withdrawFees() external onlyOwner nonReentrant {

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 6 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!