Delete parent mapping with child mapping

[steventhornton]

The idea for this level to have a contract with a mapping that contains a mapping. Somewhere within the contract, an entry of the parent mapping would be deleted but the child mapping would remain in storage.

For example,

struct Balance {
    uint256 balance;
    mapping(uint256 => uint256) pendingBalances;
}

mapping(address => Balance) public balances;

where somewhere delete balances[msg.sender] is used (say they withdraw their entire balance) but this doesn't delete values in balances[msg.sender].pendingBalances. Some logic could be included to check if balances[msg.sender].balance == 0 and assume that the users balance is uninitialized in this case.

I don't know exactly where the vulnerability would be introduced yet to make it an interesting level but could probably add some accounting error somewhere when assuming a users position is uninitialized that would allow the user to withdraw more tokens than they should be able to.