Submission Details
Severity:
unnecessary storage usage and processing overhead
Summary No Check for Zero Contribution in contribute function leading to unnecessary storage usage and processing overhead
Vulnerability Details : The contribute function lacks a check to prevent zero-value contributions. This allows contributors to make contributions of zero SOL, which may not be meaningful and could clutter the contribution records.
Impact - Contributors can create contribution records without actually contributing any SOL, leading to unnecessary storage usage and processing overhead.
This could confuse the refund mechanism, although currently, refunds are broken due to other issues.
Recommendations
+ Add a check to ensure amount > 0 before processing the contribution.
+ if amount == 0 { return Err(ErrorCode::InvalidContributionAmount.into());}
Updates
Appeal created
bube 4 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
[Invalid] Lack of minimal `amount` in `contribute` function
If user contributes 0 SOL, the `contribution.amount` will be updated with 0 value. There is no impact on the protocol. Also, the new contributers should pay for account creation, therefore there is no incentive someone to create a very huge number of accounts to contribute zero amount.
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.