RustFund

First Flight #36

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Unauthorized Refund Mechanism

kweks

Summary

The vulnerability in the refund logic allows contributors to withdraw funds from successful campaigns, directly contradicting the protocol's core specification and creating an economic exploit.

Vulnerability Details

1. Specification Violation

Intended Rule: Refunds are only permitted when:

Campaign deadline is reached
Funding goal is NOT met

Current Implementation:

Ignores goal achievement check
Allows refunds for fully funded campaigns
Enables systematic fund drainage

2. Technical Breakdown

Flawed Refund Logic

pub fn refund(ctx: Context<FundRefund>) -> Result<()> {

// Critical Vulnerability: No goal achievement check

if fund.deadline != 0 && fund.deadline > current_time {

return Err(ErrorCode::DeadlineNotReached.into());

}

// Refunds proceed indiscriminately!

}

Potential Attack Vectors

Post-Success Drainage
- Contributors can reclaim funds after the campaign succeeds
- Creators lose guaranteed funding
- The platform's economic model becomes unstable
Race Condition Exploit
- Malicious contributors can front-run the creator's withdrawal
- Selectively drain funds after the campaign reaches its goal
- Undermine the platform's financial predictability

Impact Assessment

Financial Risks

Immediate Loss: Creators cannot rely on raised funds
Trust Erosion: Contributors can arbitrarily reverse pledges
Economic Instability: Unpredictable fund availability

Scenario Demonstration

Campaign Goal: 80 SOL
Raised Funds: 100 SOL
Deadline Reached: ✓
Goal Achieved: ✓
Exploit: Contributors can still request full refunds

Recommended Remediation

Comprehensive Fix

pub fn refund(ctx: Context<FundRefund>) -> Result<()> {

let fund = &ctx.accounts.fund;

// Enforce Deadline Reached

require!(

fund.deadline <= Clock::get()?.unix_timestamp as u64,

ErrorCode::DeadlineNotReached

);

// Critical Security Check: Goal Not Met

require!(

fund.amount_raised < fund.goal,

ErrorCode::GoalMet

);

// Proceed with refund...

}

Mitigation Strategies

Strict Condition Enforcement
- Implement hard checks on campaign state
- Prevent refunds for successful campaigns
- Align the code with documented specifications
Additional Safeguards
- Add comprehensive state validation
- Implement clear error codes
- Create audit logs for all fund movements

Compliance Considerations

Violates explicit project specifications
Creates potential legal and trust liabilities
Undermines platform's core value proposition

Conclusion

The current implementation allows unrestricted fund manipulation, directly contradicting the platform's economic model.

Updates

Appeal created

bube Lead Judge 6 months ago

Submission Judgement Published

Validated

Assigned finding tags:

There is no check for goal achievement in `refund` function

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.