The refund function lacks a check to verify whether the campaign’s funding goal has been met, allowing contributors to withdraw funds even after a campaign succeeds
The refund function is intended to let contributors reclaim their SOL contributions if a campaign fails to meet its funding goal by the deadline. However, the current implementation only checks the deadline and misses a critical validation: it does not verify whether the campaign’s amount_raised is less than the goal. As a result, contributors can request refunds even when the funding goal has been met, undermining the campaign’s success and the creator’s ability to withdraw funds.
This vulnerability allows contributors to withdraw their SOL contributions after a campaign has successfully met its funding goal, which violates the intended behavior of the platform.
Manual Code Review
The refund function should be updated to include a check verifying that the campaign’s raised amount is less than its goal.
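The recommended check, shown beside the deadline-only behaviour, as an added example in plain Rust. It is not the audited program's code: apart from amount_raised, every name here (Campaign, RefundError, goal, deadline, vault_lamports, both refund functions) and the direction of the deadline comparison are assumptions.

```rust
// Added illustration in plain Rust (no Anchor/Solana crates); not the audited code.
// Assumed names: Campaign, RefundError, goal, deadline, vault_lamports, both refund fns.
#[derive(Debug, PartialEq)]
pub enum RefundError { DeadlineNotReached, GoalReached, InsufficientVault }

pub struct Campaign {
    pub goal: u64,           // funding target, in lamports
    pub amount_raised: u64,  // total contributed, in lamports
    pub deadline: i64,       // unix timestamp
    pub vault_lamports: u64, // lamports currently held for the campaign
}

/// Behaviour the finding describes: only the deadline is validated.
pub fn refund_deadline_only(c: &mut Campaign, contributed: u64, now: i64) -> Result<u64, RefundError> {
    // Assumption: refunds open once `now` reaches the deadline.
    if now < c.deadline { return Err(RefundError::DeadlineNotReached); }
    pay_out(c, contributed)
}

/// Recommended behaviour: a refund also requires amount_raised < goal.
pub fn refund_checked(c: &mut Campaign, contributed: u64, now: i64) -> Result<u64, RefundError> {
    if now < c.deadline { return Err(RefundError::DeadlineNotReached); }
    if c.amount_raised >= c.goal { return Err(RefundError::GoalReached); }
    pay_out(c, contributed)
}

fn pay_out(c: &mut Campaign, contributed: u64) -> Result<u64, RefundError> {
    // checked_sub: the vault balance must never underflow.
    c.vault_lamports = c
        .vault_lamports
        .checked_sub(contributed)
        .ok_or(RefundError::InsufficientVault)?;
    Ok(contributed)
}

fn main() {
    // Constructed sample: goal met (120 >= 100) and deadline (1_000) already passed.
    let mut a = Campaign { goal: 100, amount_raised: 120, deadline: 1_000, vault_lamports: 120 };
    let mut b = Campaign { goal: 100, amount_raised: 120, deadline: 1_000, vault_lamports: 120 };
    let ra = refund_deadline_only(&mut a, 50, 1_001);
    let rb = refund_checked(&mut b, 50, 1_001);
    println!("deadline-only: {:?}, vault left {}", ra, a.vault_lamports);
    println!("with goal check: {:?}, vault left {}", rb, b.vault_lamports);
}
```

With the constructed values, the deadline-only path leaves the vault below the goal on a campaign that succeeded, while the checked path rejects the refund and leaves the vault intact.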