Calm Hotpink Sealion
Medium
The updateDonationRecipient function in the reputationMarket.sol lacks proper validation to prevent a user (msg.sender) from setting themselves as the newRecipient. This oversight, combined with hardcoding donationEscrow[msg.sender] = 0, allows for the complete loss of the user’s donation balance.
In updateDonationRecipient, the function lacks a critical validation check to prevent msg.sender from setting themselves as the newRecipient. This leads to the following sequence of issues:
In ReputationMarket.sol:621-644
There is no check to ensure msg.sender != newRecipient.
In RepuationMarket.sol:642, the balance of msg.sender is hardcoded to 0 after the transfer (donationEscrow[msg.sender] = 0), leading to a loss of funds if the newRecipient is the same address as msg.sender.
No response
No response
The user intends to change their donation recipient, but due to a lack of validation, they mistakenly set their own address (msg.sender) as the newRecipient. In this case, the contract will not prevent the user from setting themselves as the recipient.
No response
Prevent users from setting their own msg.sender address as the new recipient