Inconsistent Profile Existence Checks Enable Repeated User Count Manipulation #27
Description
Hi @KanishkSogani , I have gone through the project and developed a good understanding and now I found that, just go through the PSeudo execution points below:
- User A creates a profile
- setProfile("Aniket", "...", "...") is called
- The system checks the profile name length
- Name length is 0, so the profile is treated as new
- totalProfiles is increased by 1
- User A updates the same profile and clears the name
- setProfile("", "...", "...") is called
- The profile still exists
- The stored name becomes an empty string
- User A updates the profile again with a valid name
- setProfile("Aniket", "...", "...") is called
- The system again checks the profile name length
- Name length is 0 at the time of the check
- The contract treats this update as a new profile
- totalProfiles is incremented again
- No new user was actually created
- The same user can repeat this cycle indefinitely
- totalProfiles keeps increasing without new users
- The counter no longer reflects real platform adoption
- Platform metrics become misleading and unreliable
function setProfile(
string calldata name,
string calldata contact,
string calldata bio
) external {
// Check if this is a new profile (first time setting)
bool isNewProfile = bytes(userProfiles[msg.sender].name).length == 0; //
userProfiles[msg.sender] = Profile({
name: name,
contact: contact,
bio: bio
}); //
// Increment profiles counter only for new profiles
if (isNewProfile) {
totalProfiles++; //
}
emit ProfileUpdated(msg.sender);
}@KanishkSogani What's your view on this , Please feel free to assign