Integer Overflow in `fund.amount_raised`
Description
The fund_contribute function updates fund.amount_raised using +=, which is vulnerable to integer overflow if the sum of amount_raised and amount exceeds the maximum u64 value.
Impact
-
Fund Accounting Corruption: Overflow could reset
amount_raisedto an incorrect value, making the protocol believe the fund’s goal was met prematurely or not at all. -
Financial Loss: Contributors might receive incorrect refunds or rewards based on corrupted data.
Affected Code
Recommendation
Replace += with checked_add to handle arithmetic safely and throw an error on overflow:
Appeal created
[Invalid] Arithmetic overflow in `contribute` function
The max value of u64 is: 18,446,744,073,709,551,615 or around 18.4 billion SOL, given that the total supply of SOL on Solana is 512.50M, the scenario when the `contribute` function will revert due to overflow is very very unlikely to happen. Therefore, this is informational finding.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.