Submission Details
Severity:
users can contribute even when goal is reached
users are still allowed to contribute even when goal is reached.
pub fn contribute(ctx: Context<FundContribute>, amount: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
let contribution = &mut ctx.accounts.contribution;
if fund.deadline != 0 && fund.deadline < Clock::get().unwrap().unix_timestamp.try_into().unwrap() {
return Err(ErrorCode::DeadlineReached.into());
}//@audit-info not check if goal reached
// Initialize or update contribution record
if contribution.contributor == Pubkey::default() {
contribution.contributor = ctx.accounts.contributor.key();
contribution.fund = fund.key();
contribution.amount = 0;
}
// Transfer SOL from contributor to fund account
let cpi_context = CpiContext::new(
ctx.accounts.system_program.to_account_info(),
system_program::Transfer {
from: ctx.accounts.contributor.to_account_info(),
to: fund.to_account_info(),
},
);
system_program::transfer(cpi_context, amount)?;
fund.amount_raised += amount;
Ok(())
}
Impact
Users can still contribute when goal is reached defeating the purpose of a fundraising.
Recommendation
contributor should not be able to contribute after goal is reached
Updates
Appeal created
bube 3 months ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
[Invalid] The contributions are allowed even after the campaign's goal is reached
Typically the crowdfunding campaigns allow contribution after the goal is achieved. This is normal, because the goal is the campaign to raise as much as possible funds. Therefore, this is a design choice.
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.