DatingDapp

AI First Flight #6

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: low

Invalid

burnProfile and blockProfile leave stale likes/matches/userBalances in LikeRegistry, desynchronizing profile and dating state

sub99

Burning or blocking a profile leaves stale dating state in `LikeRegistry`

Description

SoulboundProfileNFT.burnProfile (line 44) and blockProfile (line 57) remove a user's profile NFT and profileToToken mapping, but neither notifies LikeRegistry. The user's likes, matches, and userBalances entries (LikeRegistry lines 20-22) are never cleared, leaving dating state that points at a profile which no longer exists.

function burnProfile() external {

uint256 tokenId = profileToToken[msg.sender];

require(tokenId != 0, "No profile found");

require(ownerOf(tokenId) == msg.sender, "Not profile owner");

_burn(tokenId);

delete profileToToken[msg.sender]; // @> LikeRegistry likes/matches/userBalances not touched

delete _profiles[tokenId];

Risk

Likelihood: Low. Occurs whenever a user deletes their profile or is blocked while having existing likes or matches.

Impact: Low. The two contracts desynchronize: LikeRegistry still lists the burned user in matches[other] and retains likes flags, so other users see and can interact with a ghost profile, and a later re-mint (see the ban-bypass finding) inherits stale likes records (likes[msg.sender][x] may still be true, blocking re-likes or producing inconsistent match logic). No direct fund loss, but the dating state is incorrect and confusing.

Proof of Concept

Create a like, burn the profile, and show the like flag persists in LikeRegistry.

function test_burnLeavesStaleLikeState() public {

vm.prank(alice);

registry.likeUser{value: 1 ether}(bob);

assertTrue(registry.likes(alice, bob));

vm.prank(alice);

nft.burnProfile(); // profile gone...

assertTrue(registry.likes(alice, bob)); // ...but like state remains

}

Recommended Mitigation

Add a hook/notification so LikeRegistry clears the user's likes, matches, and userBalances when their profile is burned or blocked.

+ // in SoulboundProfileNFT, after _burn:

+ likeRegistry.onProfileBurned(user); // clears likes/matches/userBalances for `user`

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!