The `contribute` function updates the `amount_raised` field using unchecked arithmetic (`+=`), which can lead to integer overflow. This vulnerability could result in incorrect accounting of funds, potentially allowing malicious users to exploit the contract.
In the `contribute` function, the `amount_raised` field is updated as follows:
This operation does not check for overflow, which can occur if `amount_raised + amount` exceeds the maximum value of a `u64`.
If an overflow occurs, the `amount_raised` field will wrap around to a small value, leading to incorrect accounting of funds.
manual review
Replace the unchecked arithmetic with `checked_add` to handle overflow safely:
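The following is an added example, not the audited contract's code: a plain-Rust model of the accounting update that contrasts the wrapping behaviour described above with a `checked_add` version that rejects the contribution. `Fund`, `FundError` and both method names are hypothetical, and the amounts are constructed.

```rust
// Added illustration; `Fund`, `FundError` and both method names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum FundError {
    Overflow,
}

pub struct Fund {
    pub amount_raised: u64, // running total, in lamports
}

impl Fund {
    /// Models the behaviour the finding describes: the total wraps past u64::MAX.
    /// `wrapping_add` makes the wrap explicit; a plain `+=` wraps only when
    /// overflow checks are disabled and panics when they are enabled.
    pub fn contribute_wrapping(&mut self, amount: u64) {
        self.amount_raised = self.amount_raised.wrapping_add(amount);
    }

    /// Recommended form: reject the contribution and leave state untouched.
    pub fn contribute_checked(&mut self, amount: u64) -> Result<u64, FundError> {
        let total = self
            .amount_raised
            .checked_add(amount)
            .ok_or(FundError::Overflow)?;
        self.amount_raised = total;
        Ok(total)
    }
}

fn main() {
    // Constructed values: a total 10 lamports below the u64 ceiling.
    let near_max = u64::MAX - 10;

    let mut a = Fund { amount_raised: near_max };
    a.contribute_wrapping(25);
    println!("wrapping: {}", a.amount_raised);

    let mut b = Fund { amount_raised: near_max };
    println!("checked: {:?}", b.contribute_checked(25));
    println!("checked, in range: {:?}", b.contribute_checked(10));
}
```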
The max value of `u64` is 18,446,744,073,709,551,615, or around 18.4 billion SOL. Given that the total supply of SOL on Solana is 512.50M, the scenario in which the `contribute` function will revert due to overflow is very, very unlikely to happen. Therefore, this is an informational finding.