it is possible to raise fund more than the goal set
Summary
when contributor call contributethere are no check if amountprovided would surpass the goal of the campaign.
then it is possible for a campaign to have more fund than the goal
Vulnerability Details
if the goal is 100, and currently there are 90 SOL sitting on the contract. then a contributor A try to call contributewith 10 SOL and at the same time contributor B try to call contributewith 5 SOL.
because there are no check if goalis already reached, then the function calls would succeed, effectively makes the contract have 105 SOL when the goal is 100 SOL.
Impact
the campaign goal can be exceeded, it would break the core function because the goal are there to limit what a campaign can receive
Tools Used
manual review
Recommendations
validate the amount provided when calling contributeand possibly adjust the amount ex: if the contract missing 5 SOL and contributor contribute 10 SOL, then change the amount to 5 SOL only.
also add check inside contributefunction to revert if the goal already reached so no new contributor can be added
Appeal created
[Invalid] The contributions are allowed even after the campaign's goal is reached
Typically the crowdfunding campaigns allow contribution after the goal is achieved. This is normal, because the goal is the campaign to raise as much as possible funds. Therefore, this is a design choice.
[Invalid] The contributions are allowed even after the campaign's goal is reached
Typically the crowdfunding campaigns allow contribution after the goal is achieved. This is normal, because the goal is the campaign to raise as much as possible funds. Therefore, this is a design choice.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.