Forget to update `LikeRegistry::userBalances` when user likes someone, which results in users have no fund in their multi-sig wallet when they matched later; also makes the `LikeRegistry::totalFees` be 0, protocol owner will have no funds to withdraw
Forget to update LikeRegistry::userBalances when user likes someone, which results in users have no fund in their multi-sig wallet when they matched later; also makes the LikeRegistry::totalFees be 0, protocol owner will have no funds to withdraw.
Description
-
Forget to update
userBalanceswhen user like another user. User pays ether when like, but their balances are not recorded. Later when they get matched, they will get no fund in their multi-sig wallet. -
The totalFees can be withdrawed is also 0.
Risk
Likelihood: High
This is one hundred percentage to happen! Every time users likes someone, their balance is not recorded.
Impact: High
-
If user get matched, they will get no fund in their multi-sig wallet.
-
The
LikeRegistry::totalFeescan be withdrawed for owner is also 0.
Proof of Concept
User Alice and Bob mint their profile
User Alice pay 1 ether to like Bob
Check Alice's balance in
LikeRegistry::userBalances
Recommended Mitigation
Add the update user balance logic in the LikeRegistry::likeUser function.
Lead Judging Commences
[H-01] After the user calls the `likeUser` function, the userBalance does not increase by the corresponding value.
## Description User A calls `likeUser` and sends `value > 1` ETH. According to the design of DatingDapp, the amount for user A should be accumulated by `userBalances`. Otherwise, in the subsequent calculations, the balance for each user will be 0. ## Vulnerability Details When User A calls `likeUser`, the accumulation of `userBalances` is not performed. ```solidity function likeUser( address liked ) external payable { require(msg.value >= 1 ether, "Must send at least 1 ETH"); require(!likes[msg.sender][liked], "Already liked"); require(msg.sender != liked, "Cannot like yourself"); require(profileNFT.profileToToken(msg.sender) != 0, "Must have a profile NFT"); require(profileNFT.profileToToken(liked) != 0, "Liked user must have a profile NFT"); likes[msg.sender][liked] = true; emit Liked(msg.sender, liked); // Check if mutual like if (likes[liked][msg.sender]) { matches[msg.sender].push(liked); matches[liked].push(msg.sender); emit Matched(msg.sender, liked); matchRewards(liked, msg.sender); } } ``` This will result in `totalRewards` always being 0, affecting all subsequent calculations: ```solidity uint256 totalRewards = matchUserOne + matchUserTwo; uint256 matchingFees = (totalRewards * FIXEDFEE ) / 100; uint256 rewards = totalRewards - matchingFees; totalFees += matchingFees; ``` ## POC ```solidity function testUserBalanceshouldIncreaseAfterLike() public { vm.prank(user1); likeRegistry.likeUser{value: 20 ether}(user2); assertEq(likeRegistry.userBalances(user1), 20 ether, "User1 balance should be 20 ether"); } ``` Then we will get an error: ```shell [FAIL: User1 balance should be 20 ether: 0 != 20000000000000000000] ``` ## Impact - Users will be unable to receive rewards. - The contract owner will also be unable to withdraw ETH from the contract. ## Recommendations Add processing for `userBalances` in the `likeUser` function: ```diff function likeUser( address liked ) external payable { require(msg.value >= 1 ether, "Must send at least 1 ETH"); require(!likes[msg.sender][liked], "Already liked"); require(msg.sender != liked, "Cannot like yourself"); require(profileNFT.profileToToken(msg.sender) != 0, "Must have a profile NFT"); require(profileNFT.profileToToken(liked) != 0, "Liked user must have a profile NFT"); likes[msg.sender][liked] = true; + userBalances[msg.sender] += msg.value; emit Liked(msg.sender, liked); [...] } ```
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.