likeUser() uses require(msg.value >= 1 ether) instead of ==, so it accepts any amount above 1 ETH without refunding the excess. The error message actively encourages overpayment.
The contract has no refund mechanism. Any ETH above 1 ETH is absorbed into the contract balance and either locked permanently (due to H-01) or distributed unevenly through matchRewards() if H-01 is fixed. The error message says "Must send at least 1 ETH," which actively invites users to send more than required. Users interacting via a custom frontend, a script, or directly through Etherscan can easily send more than 1 ETH.
Likelihood:
Wallet UIs that auto-suggest gas amounts or users who mistype the value trigger this. The error message's wording ("at least") actively encourages overpayment.
Impact:
Excess ETH is permanently lost to the user. With H-01 present, it is locked forever. With H-01 fixed, it inflates that user's userBalances and gets distributed to whichever match triggers first, benefiting the wrong counterparty.
The test shows Alice sending 5 ETH instead of the required 1 ETH. The contract keeps all 5 ETH with no refund of the 4 ETH excess. Alice's balance drops by the full 5 ETH.
Change the >= to == so the function only accepts exactly 1 ETH. This prevents accidental overpayment and makes the expected value unambiguous. Users who send the wrong amount get a clear revert instead of silently losing funds.
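The following is an added example (not the audited project's code) that reconstructs the vulnerable `>=` check beside the `==` fix and a Foundry test reproducing the 5 ETH overpayment scenario described above. The contract names, the `userBalances` and `liked` storage layout, and the `forge-std` test harness are assumptions; only `likeUser()`, the 1 ether requirement, and the error-message wording come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal reconstruction of the pattern in the finding.
// Contract and storage names are assumptions for illustration only.
contract LikeRegistryVulnerable {
    mapping(address => uint256) public userBalances;
    mapping(address => mapping(address => bool)) public liked;

    // Vulnerable: ">=" accepts any msg.value of 1 ether or more and keeps the excess.
    function likeUser(address target) external payable {
        require(msg.value >= 1 ether, "Must send at least 1 ETH");
        liked[msg.sender][target] = true;
        // The full msg.value is credited; a 5 ETH call leaves 4 ETH un-refunded.
        userBalances[msg.sender] += msg.value;
    }
}

contract LikeRegistryFixed {
    mapping(address => uint256) public userBalances;
    mapping(address => mapping(address => bool)) public liked;

    // Fixed: exact-amount check; any other value reverts and the caller keeps their ETH.
    function likeUser(address target) external payable {
        require(msg.value == 1 ether, "Must send exactly 1 ETH");
        liked[msg.sender][target] = true;
        userBalances[msg.sender] += msg.value;
    }
}

// Foundry test reproducing the scenario: Alice sends 5 ETH instead of 1 ETH.
contract LikeUserTest is Test {
    LikeRegistryVulnerable vuln;
    LikeRegistryFixed fixedRegistry;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        vuln = new LikeRegistryVulnerable();
        fixedRegistry = new LikeRegistryFixed();
        vm.deal(alice, 10 ether); // constructed starting balance
    }

    function test_VulnerableKeepsExcess() public {
        vm.prank(alice);
        vuln.likeUser{value: 5 ether}(bob);
        // Contract absorbed all 5 ETH; Alice's balance dropped by the full amount.
        assertEq(address(vuln).balance, 5 ether);
        assertEq(alice.balance, 5 ether);
        assertEq(vuln.userBalances(alice), 5 ether);
    }

    function test_FixedRevertsOnOverpayment() public {
        vm.prank(alice);
        vm.expectRevert(bytes("Must send exactly 1 ETH"));
        fixedRegistry.likeUser{value: 5 ether}(bob);
        // Revert means Alice keeps her 10 ETH and nothing was credited.
        assertEq(alice.balance, 10 ether);
        assertEq(fixedRegistry.userBalances(alice), 0);
    }

    function test_FixedAcceptsExactAmount() public {
        vm.prank(alice);
        fixedRegistry.likeUser{value: 1 ether}(bob);
        assertEq(alice.balance, 9 ether);
        assertEq(fixedRegistry.userBalances(alice), 1 ether);
    }
}
```

Run with `forge test` in a project that has `forge-std` installed. The first test documents the loss the finding describes; the second confirms that with `==` the overpayment reverts before any state change, so the user's ETH never leaves their account.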