[BUG] Infinite XP Farming Vulnerability in determineBadges() (Security/Logic Flaw) #672

@Niteshagarwal01

Description

Describe the bug
There is a logical vulnerability in the gamification engine that allows users to farm infinite Dev Points. The determineBadges function recalculates earned badges entirely from scratch based on the user's current profile state (e.g., bio length, linked social accounts). It does not preserve most previously earned badges. If a user deletes their bio, they "lose" the profile-perfect badge. When they re-add their bio, the backend views it as a "newly unlocked" badge and awards them XP again.

To Reproduce
Steps to reproduce the behavior:

  1. Go to your Profile Settings.
  2. Fill out your Name, Bio, Photo, and Role to unlock the profile-perfect badge and earn XP.
  3. Delete your Bio and click Save.
  4. Re-enter your Bio and click Save.
  5. See error: You are re-awarded the profile-perfect badge and granted duplicate XP. Repeat to farm infinite points.

Expected behavior
Badges should be permanent once unlocked. Deleting profile data should not revoke the badge from the earned list, and re-adding the data should not trigger a duplicate XP grant.

Screenshots
N/A

Desktop (please complete the following information):

  • OS: All
  • Browser: All
  • Version: Latest

Smartphone (please complete the following information):

  • Device: All
  • OS: All
  • Browser: All

Additional context
File affected: src/lib/point-calculation.ts. The determineBadges function should cross-reference the user's existing achievements array and ensure that existing badges are preserved in the returned array.
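The flaw the report describes, as an added TypeScript example that is not the project's own code from src/lib/point-calculation.ts: a badge calculator that recomputes everything from the current profile (so a badge can be "lost" and "re-unlocked" on every save) sits next to one that unions with the stored achievements, and XP is granted only for badges that were not already in that stored list. The Profile shape, the second badge name, and the XP values are assumptions for illustration; a simulateFarm helper replays the reproduction steps against either implementation and returns the total XP that would have been granted.

```typescript
// Added example, not the project's code. Profile shape, the
// "socially-connected" badge and all XP values are assumptions.

interface Profile {
  name?: string;
  bio?: string;
  photo?: string;
  role?: string;
  linkedAccounts: string[];
}

// Assumed XP table; only the badge name "profile-perfect" comes from the report.
const BADGE_XP: Record<string, number> = {
  "profile-perfect": 50,
  "socially-connected": 25,
};

// Pure check: which badges does the profile qualify for right now?
function qualifyingBadges(profile: Profile): string[] {
  const badges: string[] = [];
  if (profile.name && profile.bio && profile.photo && profile.role) {
    badges.push("profile-perfect");
  }
  if (profile.linkedAccounts.length >= 2) {
    badges.push("socially-connected");
  }
  return badges;
}

// Vulnerable pattern: the earned set is simply the currently qualifying set,
// so deleting the bio drops the badge and re-adding it makes it look "new".
function determineBadgesVulnerable(profile: Profile, _existing: string[]): string[] {
  return qualifyingBadges(profile);
}

// Hardened pattern: union of the stored achievements with what the profile
// qualifies for now. Badges are never removed, so a re-add is not new.
function determineBadgesPreserving(profile: Profile, existing: string[]): string[] {
  const merged = new Set(existing);
  for (const badge of qualifyingBadges(profile)) {
    merged.add(badge);
  }
  return Array.from(merged);
}

// XP is granted only for badges absent from the previously stored list.
function awardXpForNewBadges(existing: string[], updated: string[]): number {
  const had = new Set(existing);
  return updated
    .filter((badge) => !had.has(badge))
    .reduce((sum, badge) => sum + (BADGE_XP[badge] ?? 0), 0);
}

// Replay the report's steps (fill profile, then delete/re-add the bio `rounds`
// times) against one determineBadges implementation; returns total XP granted.
function simulateFarm(
  determine: (profile: Profile, existing: string[]) => string[],
  rounds: number,
): number {
  // Constructed sample profiles.
  const full: Profile = { name: "A", bio: "hi", photo: "p.png", role: "dev", linkedAccounts: [] };
  const noBio: Profile = { ...full, bio: "" };
  let achievements: string[] = [];
  let totalXp = 0;

  const save = (profile: Profile): void => {
    const updated = determine(profile, achievements);
    totalXp += awardXpForNewBadges(achievements, updated);
    achievements = updated;
  };

  save(full); // step 2: unlock profile-perfect once
  for (let i = 0; i < rounds; i++) {
    save(noBio); // step 3: delete bio and save
    save(full);  // step 4: re-enter bio and save
  }
  return totalXp;
}

console.log("vulnerable:", simulateFarm(determineBadgesVulnerable, 3)); // 200
console.log("preserving:", simulateFarm(determineBadgesPreserving, 3)); // 50
```

With the recompute-from-scratch version, every delete/re-add cycle grants the profile-perfect XP again, so three cycles yield 200 XP from a badge worth 50; the preserving version grants it exactly once. The union makes the stored achievements array the source of truth for what was earned, which is the cross-referencing the report asks for.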
