Submission Details
Severity:
Missing `amount_raised` Reset After Withdrawal
Description
The withdraw function transfers the total amount_raised to the creator but does not reset fund.amount_raised to 0 afterward. This allows the creator to repeatedly withdraw the same funds, draining the fund account.
Impact
Fund Drainage: The creator can withdraw the
amount_raisedmultiple times, even after funds have already been transferred.Protocol Integrity Loss: The
amount_raisedvalue becomes untrustworthy, breaking fund accounting logic.
Affected Code
pub fn withdraw(ctx: Context<FundWithdraw>) -> Result<()> {
let amount = ctx.accounts.fund.amount_raised;
// Transfers funds to creator...
**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.fund.to_account_info().lamports()
.checked_sub(amount)
.ok_or(ProgramError::InsufficientFunds)?;
**ctx.accounts.creator.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.creator.to_account_info().lamports()
.checked_add(amount)
.ok_or(ErrorCode::CalculationOverflow)?;
// MISSING: Reset amount_raised to 0!
Ok(())
}
Recommendation
Reset amount_raised to 0 after withdrawal:
// After transferring funds:
fund.amount_raised = 0;
Updates
Appeal created
bube 3 months ago
Submission Judgement Published Assigned finding tags:
`amount_raised` is not reset to 0 in `withdraw` function
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.