Submission Details
Severity:
Absence of a function to transfer SOL within the refund process.
Summary
The refund function in your Solana program is designed to process refunds for contributors to a fund. It ensures contributors can reclaim their contributions under certain conditions.
Vulnerability Details
Absence of a function to transfer SOL within the refund process.
Impact
The balance on the protocol is updated, but the funds are not transferred to the specified address.
Tools Used
manual review
Recommendations
Please add transfer sol function to refund process
pub fn refund(ctx: Context<FundRefund>) -> Result<()> {
let amount = ctx.accounts.contribution.amount;
if ctx.accounts.fund.deadline != 0 && ctx.accounts.fund.deadline > Clock::get().unwrap().unix_timestamp.try_into().unwrap() {
return Err(ErrorCode::DeadlineNotReached.into());
}
**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.fund.to_account_info().lamports()
.checked_sub(amount)
.ok_or(ProgramError::InsufficientFunds)?;
**ctx.accounts.contributor.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.contributor.to_account_info().lamports()
.checked_add(amount)
.ok_or(ErrorCode::CalculationOverflow)?;
// Perform the SOL transfer using the System Program
let cpi_context = CpiContext::new(
ctx.accounts.system_program.to_account_info(),
system_program::Transfer {
from: ctx.accounts.fund.to_account_info(),
to: ctx.accounts.contributor.to_account_info(),
},
);
system_program::transfer(cpi_context, amount)?;
// Reset contribution amount after refund
ctx.accounts.contribution.amount = 0;
Ok(())
}
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.