RustFund
First Flight #36
Beginner FriendlyRust
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Incorrect Contribution Tracking Leading to Fund Loss

0xluckyluke

Summary

The contribute function fails to update the Contribution account's amount field, causing only the latest contribution to be recorded. This results in incorrect refund amounts and potential loss of funds for contributors.

Vulnerability Details

In the contribute function, the Contribution account's amount is initialized to 0 but never incremented with the contributed amount. As a result, each new contribution overwrites the previous value. During a refund, only the last contribution is refunded, despite multiple contributions.

https://github.com/CodeHawks-Contests/2025-03-rustfund/blob/b5dd7b0ec01471667ae3a02520701aae405ac857/programs/rustfund/src/lib.rs#L37

// Initialize or update contribution record
if contribution.contributor == Pubkey::default() {
contribution.contributor = ctx.accounts.contributor.key();
contribution.fund = fund.key();
contribution.amount = 0; // Not updated after transfer
}

Impact

Contributors lose access to previously contributed funds, as refunds only return the latest contribution. This breaks core contract logic and leads to irreversible fund loss.

Tools Used

Recommendations

Update the Contribution account's amount after each transfer:

+ contribution.amount += amount; // Add this line after the transfer
Updates

Lead Judging Commences

bube Lead Judge
3 months ago

Appeal created

bube Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Contribution amount is not updated

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.