RustFund

First Flight #36

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

(HIGH) Missing Amount Check in contribute

xyizko

Summary

The contribute function does not check if the contribution amount is greater than zero. This allows users to create "empty" contribution records, wasting storage and potentially causing issues with calculations or logic that relies on contribution amounts.

Vulnerability Details

The contribute function in programs/rustfund/src/lib.rs lacks a check to ensure that the amount parameter is greater than 0. This means a transaction can be successfully processed even if no SOL is actually transferred. The function initializes a Contribution account even if amount is 0.

pub fn contribute(ctx: Context<FundContribute>, amount: u64) -> Result<()> {

let fund = &mut ctx.accounts.fund;

let contribution = &mut ctx.accounts.contribution;

if fund.deadline != 0 && fund.deadline < Clock::get().unwrap().unix_timestamp.try_into().unwrap() {

return Err(ErrorCode::DeadlineReached.into());

}

// Initialize or update contribution record

if contribution.contributor == Pubkey::default() {

contribution.contributor = ctx.accounts.contributor.key();

contribution.fund = fund.key();

contribution.amount = 0;

}

// VULNERABILITY: No check for `amount > 0`

// A user can call this function with amount = 0, and it will still

// create a contribution account and execute the transfer

// Transfer SOL from contributor to fund account

let cpi_context = CpiContext::new(

ctx.accounts.system_program.to_account_info(),

system_program::Transfer {

from: ctx.accounts.contributor.to_account_info(),

to: fund.to_account_info(),

);

system_program::transfer(cpi_context, amount)?;

fund.amount_raised += amount; //This will still execute, even though logically it should not

Ok(())

}

Impact

High: Wastes storage space on the blockchain by creating unnecessary Contribution accounts.
Could lead to unexpected behavior in functions that iterate through or calculate based on contribution records, as they might encounter zero-amount contributions.
It won't directly steal funds, but it degrades the platform's efficiency and can create edge-case bugs.

Tools Used

Manual code review
Solana Explorer (to observe account creation)

Recommendations

Add a check at the beginning of the contribute function to ensure that amount is greater than zero. Return an error if it is not.

if amount == 0 {

return Err(ErrorCode::ZeroContribution.into()); // Add a ZeroContribution error to your ErrorCode enum

}

Add this to the error code:

#[error_code]

pub enum ErrorCode {

// ... other errors ...

#[msg("Contribution amount must be greater than zero")]

ZeroContribution,

}

Updates

Appeal created

bube Lead Judge 2 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

[Invalid] Lack of minimal `amount` in `contribute` function

If user contributes 0 SOL, the `contribution.amount` will be updated with 0 value. There is no impact on the protocol. Also, the new contributers should pay for account creation, therefore there is no incentive someone to create a very huge number of accounts to contribute zero amount.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.