Submission Details
Severity:
Absence of a function to transfer SOL within the withdraw process.
Summary
The goal of the withdraw function is to allow the creator of a fund to withdraw the full amount of funds raised in the fund
Vulnerability Details
Absence of a function to transfer SOL within the withdraw process.
Impact
The balance on the protocol is updated, but the funds are not transferred to the specified address.
Tools Used
manual review
Recommendations
Please add transfer sol function to withdraw process
pub fn withdraw(ctx: Context<FundWithdraw>) -> Result<()> {
let amount = ctx.accounts.fund.amount_raised;
**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.fund.to_account_info().lamports()
.checked_sub(amount)
.ok_or(ProgramError::InsufficientFunds)?;
**ctx.accounts.creator.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.creator.to_account_info().lamports()
.checked_add(amount)
.ok_or(ErrorCode::CalculationOverflow)?;
let cpi_context = CpiContext::new(
ctx.accounts.system_program.to_account_info(),
system_program::Transfer {
from: ctx.accounts.fund.to_account_info(),
to: ctx.accounts.creator.to_account_info(),
},
);
system_program::transfer(cpi_context, amount)?;
// Reset the amount raised to 0 after withdrawal
ctx.accounts.fund.amount_raised = 0;
Ok(())
}
}
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.