RustFund

First Flight #36
Beginner Friendly, Rust
Submission Details
Severity: high
Invalid

Typo-Induced Deadline Manipulation Vulnerability in Fund Management Protocol

Summary

A typo in the Fund struct causes critical security failures that undermine the protocol’s integrity. The incorrectly named field, dealine_set, is never updated, allowing unauthorized modifications to the fund’s deadline. This single point of failure leads to two major issues:

  1. State Tracking Failure: The flag intended to track whether a deadline has been set (deadline_set) is never updated, allowing repeated modifications.

  2. Broken Access Control: The protocol’s enforcement of immutable deadlines is bypassed, allowing multiple calls to set_deadline.

By correcting this typo, both vulnerabilities are resolved.

Vulnerability Details

Root Cause Analysis

The Fund struct defines the flag as dealine_set (misspelled) instead of deadline_set. As a result:

  • The function set_deadline incorrectly references dealine_set, which is never set to true.

  • The intended deadline_set flag remains false, allowing multiple deadline modifications.

Code Analysis

Current Code (Vulnerable)

pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
    let fund = &mut ctx.accounts.fund;
    // Typo: `dealine_set` instead of `deadline_set`
    if fund.dealine_set {
        return Err(ErrorCode::DeadlineAlreadySet.into());
    }
    fund.deadline = deadline;
    // Missing: fund.deadline_set = true;
    Ok(())
}

Impact Analysis

Issue | Direct Cause
--- | ---
Typo in dealine_set | The misspelled field remains false and is never updated.
Deadline Set Repeatedly | The function does not recognize that a deadline has already been set.

Exploitation Scenario

  1. An attacker (or even a legitimate user) calls set_deadline().

  2. The function does not recognize that a deadline has been set (due to the typo).

  3. The attacker can call set_deadline() repeatedly, modifying the deadline at will.

Recommended Fix

To resolve both issues, the typo must be corrected in the Fund struct and the set_deadline function.

Fixed Code

// ✅ Step 1: Correct the typo in the Fund struct
pub struct Fund {
    pub deadline_set: bool, // Corrected
    // ... other fields
}

// ✅ Step 2: Update set_deadline to use the corrected field
pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
    let fund = &mut ctx.accounts.fund;
    if fund.deadline_set { // Corrected check
        return Err(ErrorCode::DeadlineAlreadySet.into());
    }
    fund.deadline = deadline;
    fund.deadline_set = true; // Mark as set
    Ok(())
}

Conclusion

This vulnerability is a single point of failure affecting both state tracking and access control. Fixing the typo eliminates the risk of repeated modifications and restores protocol integrity. This issue is critical because it directly undermines the contract’s immutability guarantees. By applying this fix, the protocol ensures deadlines can only be set once, as intended.
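The set-once behaviour described above can be pinned down with a regression check. This is an added example, not part of the submission or the RustFund code base: a plain-Rust model of the Fund account without Anchor, in which the helper names set_deadline_as_written, set_deadline_once and holds_set_once are assumptions and both versions use the same field name, so they differ only in the flag assignment.

```rust
// Added example: plain-Rust model of the page's Fund account (no Anchor,
// no Solana runtime) for testing the set-once property of the deadline.

#[derive(Debug, PartialEq)]
pub enum ErrorCode {
    DeadlineAlreadySet,
}

#[derive(Default)]
pub struct Fund {
    pub deadline: u64,
    pub deadline_set: bool,
}

/// Mirrors the page's "Current Code": the guard is read but never written.
pub fn set_deadline_as_written(fund: &mut Fund, deadline: u64) -> Result<(), ErrorCode> {
    if fund.deadline_set {
        return Err(ErrorCode::DeadlineAlreadySet);
    }
    fund.deadline = deadline;
    Ok(())
}

/// Mirrors the page's "Fixed Code": the guard is set after the first write.
pub fn set_deadline_once(fund: &mut Fund, deadline: u64) -> Result<(), ErrorCode> {
    if fund.deadline_set {
        return Err(ErrorCode::DeadlineAlreadySet);
    }
    fund.deadline = deadline;
    fund.deadline_set = true;
    Ok(())
}

/// Set-once check (hypothetical helper): calls `setter` twice and reports
/// whether the second call was rejected and the first deadline preserved.
pub fn holds_set_once(setter: fn(&mut Fund, u64) -> Result<(), ErrorCode>) -> bool {
    let mut fund = Fund::default();
    let first = setter(&mut fund, 1_700_000_000); // constructed timestamps
    let second = setter(&mut fund, 1_900_000_000);
    first.is_ok()
        && second == Err(ErrorCode::DeadlineAlreadySet)
        && fund.deadline == 1_700_000_000
}

fn main() {
    println!("as written: {}", holds_set_once(set_deadline_as_written));
    println!("with flag update: {}", holds_set_once(set_deadline_once));
}
```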

Updates

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Wrong naming of `deadline_set`

This is a strong informational finding; there is no impact on the protocol. The variable is the same in all places.
