DatingDapp

AI First Flight #6
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: low
Likelihood: medium
Invalid

likeUser keeps any overpayment above 1 ETH with no refund, silently taking the excess

likeUser keeps overpayment above 1 ETH without refunding the surplus

Description

likeUser validates with msg.value >= 1 ether (line 32) rather than an exact amount, and never refunds the excess. Any ETH a user sends above 1 ETH is silently retained by the contract.

```solidity
function likeUser(address liked) external payable {
    require(msg.value >= 1 ether, "Must send at least 1 ETH"); // @> accepts >1 ETH, no refund of surplus
    require(!likes[msg.sender][liked], "Already liked");
    // ...
}
```

Risk

Likelihood: Low. Most users will send exactly 1 ETH, but fat-finger overpayment or front-end miscalculation will occasionally send more.

Impact: Low. The surplus over 1 ETH is kept by the contract with no mechanism to return it to the sender. Combined with the missing deposit accounting (userBalances is never credited in likeUser), the overpaid ETH is not even attributed to the user and becomes stranded contract balance. Loss is bounded to each user's own overpayment.

Proof of Concept

Send more than 1 ETH and observe that nothing is refunded.

```solidity
function test_overpaymentNotRefunded() public {
    uint256 balBefore = alice.balance;
    vm.prank(alice);
    registry.likeUser{value: 5 ether}(bob); // overpays by 4 ETH
    // alice is down the full 5 ETH, surplus not returned
    assertEq(alice.balance, balBefore - 5 ether);
    assertEq(address(registry).balance, 5 ether);
}
```
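The refund variant of the mitigation recommended below, as an added example that is not the DatingDapp code: a minimal like-fee registry that records the like and credits the fee first, then returns the surplus to the sender, together with the counterpart of the PoC above showing the sender is down exactly 1 ETH. The storage names `likes` and `userBalances` follow the finding; their real layout in the project is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added example, not the DatingDapp contract; `likes`/`userBalances` layout is assumed.
contract LikeRegistryRefund {
    uint256 public constant LIKE_FEE = 1 ether;
    mapping(address => mapping(address => bool)) public likes;
    mapping(address => uint256) public userBalances;
    error RefundFailed();

    function likeUser(address liked) external payable {
        require(msg.value >= LIKE_FEE, "Must send at least 1 ETH");
        require(!likes[msg.sender][liked], "Already liked");
        // Effects first: record the like and credit exactly the fee, so no
        // surplus ends up as unattributed contract balance.
        likes[msg.sender][liked] = true;
        userBalances[msg.sender] += LIKE_FEE;

        // Interaction last: return the surplus, and fail loudly if it cannot be sent.
        uint256 surplus = msg.value - LIKE_FEE;
        if (surplus > 0) {
            (bool ok, ) = payable(msg.sender).call{value: surplus}("");
            if (!ok) revert RefundFailed();
        }
    }
}

// Counterpart of the finding's PoC: with the refund in place, overpaying by
// 4 ETH leaves the sender down exactly 1 ETH (forge tests run with zero gas price).
contract LikeRegistryRefundTest is Test {
    LikeRegistryRefund registry;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        registry = new LikeRegistryRefund();
        vm.deal(alice, 10 ether);
    }

    function test_surplusIsRefunded() public {
        vm.prank(alice);
        registry.likeUser{value: 5 ether}(bob);
        assertEq(alice.balance, 9 ether);
        assertEq(address(registry).balance, 1 ether);
        assertEq(registry.userBalances(alice), 1 ether);
    }
}
```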

Recommended Mitigation

Require the exact amount, or refund the surplus to the sender.

- require(msg.value >= 1 ether, "Must send at least 1 ETH");
+ require(msg.value == 1 ether, "Must send exactly 1 ETH");
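Review bot: the `==` check covers only the first of the two options named above; an overpaying caller now reverts instead of receiving the surplus back, so the "refund the surplus" alternative is not shown by this hunk. If that path is preferred, compute `msg.value - 1 ether` after the `likes` update and send it back with a checked low-level `call`. Either way the PoC `test_overpaymentNotRefunded` must change, since `likeUser{value: 5 ether}(bob)` reverts under the new check and needs `vm.expectRevert` rather than the balance assertions.
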
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
