RustFund

Summary

The amount_raised field in the Fund struct is a u64. The contribute function adds the contribution amount to amount_raised without checking for arithmetic overflow. If amount_raised + amount exceeds the maximum value of a u64, it will wrap around to a small value, potentially bypassing the intended fundraising goal.

Vulnerability Details

The contribute function in programs/rustfund/src/lib.rs) adds the amount to the fund.amount_raised field:

If a malicious user makes a very large contribution such that fund.amount_raised + amount is greater than u64::MAX, the value of fund.amount_raised will wrap around. For example, if the current amount is close to u64::MAX and someone adds 2, then the amount_raised will become 1.

Impact

• High: Allows a malicious actor to potentially bypass the fundraising goal. If the goal is close to the maximum value of a u64, a carefully crafted contribution could cause amount_raised to wrap around to a small value, making it appear as if the goal hasn't been reached when, in fact, a large amount of SOL has been transferred. This could be exploited to:

  • Prevent legitimate contributions (if logic exists to stop contributions after the goal is met - although such logic is not present in the current code, it's a common pattern).

  • Allow the creator to withdraw more funds than intended, as they could make a massive contribution, wrap the value, and then the actual value may be very low.

  • DOS Attack: A malicious contributor could cause an overflow, resulting in a much smaller amount raised value, rendering the contribution system useless.

Tools Used

• Manual code review

• Basic understanding of integer overflows

Recommendations

Use checked arithmetic to prevent the overflow. Return an error if an overflow occurs.