DatingDapp

AI First Flight #6
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: medium
Likelihood: medium
Invalid

Profile Destruction Fails to Clear Relational Mapping Variables inside LikeRegistry — Stale Signal Residuals Enable Replay Matches upon Re-Minting

## Description
* Normal execution ensures that when a profile lifecycle changes (via burning or admin modification), all state mappings linked to that identity are cleared to prevent obsolete protocol actions.
* The system resets the `profileToToken` tracking flag to zero on deletion but fails to notify or clear historical context in the `LikeRegistry` contract. Consequently, if a user re-mints a fresh identity profile under the same address string, legacy interaction variables are automatically inherited.
## Risk
### Likelihood
- An end-user chooses to destroy their active dating profile card to clear their matching matrix or initialize a fresh profile layout.
- External participants interact with or like the target address before or during the identity regeneration loop.
### Impact
- Obsolete interest markers automatically trigger unwanted or un-validated mutual match hooks on newly re-minted instances.
- Stale interaction flags disrupt the intentional protocol invariant requiring clean database states for new profiles.
---
## Proof of Concept
The test scenario confirms that legacy mappings continue to persist. After Alice purges her profile via `burnProfile()` and executes a clean initialization step under a fresh identity name mapping, her original interaction history remains active inside `LikeRegistry`.
```solidity
function test_BurnProfileLeavesStaleState() public {
    vm.prank(alice);
    profileNFT.mintProfile("Alice", 25, "imageHash");
    vm.prank(bob);
    profileNFT.mintProfile("Bob", 28, "imageHash");

    // Alice likes Bob
    vm.prank(alice);
    likeRegistry.likeUser{value: 1 ether}(bob);

    // Alice burns her profile
    vm.prank(alice);
    profileNFT.burnProfile();

    // Alice's like on Bob is still recorded
    assertTrue(likeRegistry.likes(alice, bob));

    // Alice re-mints — her old like is still there
    vm.prank(alice);
    profileNFT.mintProfile("AliceNew", 26, "imageHash2");
    assertTrue(likeRegistry.likes(alice, bob)); // Stale state persists
}
```
---
## Recommended Mitigation
Integrate an interface dependency link or call mapping routine inside the burn lifecycle to securely wipe out relational database arrays.
```diff
function burnProfile() external {
// ... existing burn logic ...
+ likeRegistry.cleanupState(msg.sender); // Clear stale likes and matches
}
```
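Review bot: the added call `likeRegistry.cleanupState(msg.sender)` relies on a `cleanupState` function and a `likeRegistry` reference that this patch neither defines nor shows being wired into the contract that owns `burnProfile()`. Include both in the fix, restrict `cleanupState` so that only the profile contract can call it, and state how it finds the entries to clear: the PoC reads likes by pair, `likes(alice, bob)`, and a per-pair Solidity mapping cannot be enumerated from a single address without an auxiliary list of counterparties.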
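One way to get the reset that the mitigation asks for without enumerating a mapping, shown as an added example that is not code from the submission or from DatingDapp: give each address an epoch that the burn path increments, and key every like by the epochs of both parties. The names `EpochLikeRegistry`, `onProfileBurned`, `epochOf`, `like` and `isMatch` are hypothetical, and payment handling is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical sketch of epoch-keyed like bookkeeping; not the DatingDapp LikeRegistry.
contract EpochLikeRegistry {
    // Assumption: the profile NFT contract is the only caller allowed to reset a user.
    address public immutable profileNFT;

    // Incremented every time an address burns its profile.
    mapping(address => uint256) public epochOf;

    // liker => liker epoch => liked => liked epoch => like recorded
    mapping(address => mapping(uint256 => mapping(address => mapping(uint256 => bool))))
        private _likes;

    event Liked(address indexed liker, address indexed liked);
    event ProfileReset(address indexed user, uint256 newEpoch);

    constructor(address profileNFT_) {
        profileNFT = profileNFT_;
    }

    /// Called by the profile contract from its burn path. O(1): nothing is deleted,
    /// every like sent or received under the old epoch simply stops resolving.
    function onProfileBurned(address user) external {
        require(msg.sender == profileNFT, "only profile contract");
        uint256 next = ++epochOf[user];
        emit ProfileReset(user, next);
    }

    function like(address liked) external {
        require(liked != msg.sender, "cannot like self");
        _likes[msg.sender][epochOf[msg.sender]][liked][epochOf[liked]] = true;
        emit Liked(msg.sender, liked);
    }

    /// A like counts only while both parties are still in the epoch it was recorded in.
    function likes(address liker, address liked) public view returns (bool) {
        return _likes[liker][epochOf[liker]][liked][epochOf[liked]];
    }

    function isMatch(address a, address b) external view returns (bool) {
        return likes(a, b) && likes(b, a);
    }
}
```

With this layout, the sequence in the proof of concept (like, burn, re-mint) would leave `likes(alice, bob)` returning `false` after the burn, because Alice's epoch has moved on.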
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement