RustFund

First Flight #36
Submission Details
Severity: high
Valid

No Checks for Deadline or Goal Achievement in `withdraw` function

Summary

No checks for deadline or goal achievement in the `withdraw` function.

Vulnerability Details

The `withdraw` function does not verify whether the deadline has passed or whether the funding goal was met. This allows the creator to withdraw funds at any time, regardless of whether the funding period has ended or the goal was achieved.

Impact

  • Creators can withdraw funds before the deadline, potentially before the funding goal is met.

  • This could lead to misuse of funds and loss of trust from contributors.
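The missing checks can be seen side by side in a plain-Rust model of the fund state. This is an added example, not the RustFund program's code: the field and error names follow this report, while the `u64` types, the `Fund` struct layout, the function names and the sample cases are assumptions constructed for illustration.

```rust
// Plain-Rust model of the fund state; field names follow the report, types are assumed.
#[derive(Debug, PartialEq)]
enum ErrorCode { DeadlineNotReached, GoalNotReached }

struct Fund { goal: u64, deadline: u64, amount_raised: u64 }

// Behaviour described in the report: nothing is checked before paying out.
fn withdraw_unchecked(fund: &mut Fund) -> Result<u64, ErrorCode> {
    Ok(std::mem::take(&mut fund.amount_raised))
}

// Recommended behaviour: pay out only after the deadline and only if the goal was met.
fn withdraw_checked(fund: &mut Fund, unix_timestamp: i64) -> Result<u64, ErrorCode> {
    // A negative clock value maps to 0, so it fails the deadline check instead of panicking.
    let now = u64::try_from(unix_timestamp).unwrap_or(0);
    if fund.deadline == 0 || fund.deadline > now {
        return Err(ErrorCode::DeadlineNotReached);
    }
    if fund.amount_raised < fund.goal {
        return Err(ErrorCode::GoalNotReached);
    }
    Ok(std::mem::take(&mut fund.amount_raised))
}

// Constructed cases (deadline, amount_raised, now) against a goal of 1_000.
fn outcomes() -> Vec<(bool, Result<u64, ErrorCode>)> {
    let cases = [
        (0u64, 1_500u64, 500i64), // deadline never set
        (1_000, 1_500, 500),      // goal met, deadline still in the future
        (1_000, 400, 2_000),      // deadline passed, goal missed
        (1_000, 1_500, 2_000),    // deadline passed, goal met
        (1_000, 1_500, -1),       // negative clock value
    ];
    cases.iter().map(|&(deadline, amount_raised, now)| {
        let mut a = Fund { goal: 1_000, deadline, amount_raised };
        let mut b = Fund { goal: 1_000, deadline, amount_raised };
        (withdraw_unchecked(&mut a).is_ok(), withdraw_checked(&mut b, now))
    }).collect()
}

fn main() {
    for (unchecked_ok, checked) in outcomes() {
        println!("unchecked pays out: {unchecked_ok}, checked: {checked:?}");
    }
}
```

The unchecked variant pays out in all five states; the checked variant pays out only in the fourth.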

Tools Used

Recommendations

+ Add checks to ensure the deadline has passed and the goal has been met before allowing withdrawal.
+ let current_time = Clock::get()?.unix_timestamp.try_into().unwrap();if fund.deadline == 0 || fund.deadline > current_time { return Err(ErrorCode::DeadlineNotReached.into());}if fund.amount_raised < fund.goal { return Err(ErrorCode::GoalNotReached.into());}
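Review bot: `Clock::get()?.unix_timestamp.try_into().unwrap()` in the first added statement panics if the conversion fails, while the two checks after it already return `ErrorCode` values; map a failed conversion to an error with `?` or `map_err` instead of unwrapping so the instruction fails cleanly. The first `+` line is prose rather than code and needs a `//` prefix if the patch is applied as written, and the `let` and the two `if` blocks should each sit on their own lines. The patch uses `ErrorCode::DeadlineNotReached` and `ErrorCode::GoalNotReached` without showing their definitions, so confirm both variants exist or add them in the same change.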
Updates

Appeal created

bube Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No deadline check in `withdraw` function

No goal achievement check in `withdraw` function
