Submission Details
Severity:
Incorrect variable name (dealine_set), deadline status has not been set to true
Summary
In the Fund structure of the smart contract, a boolean field dealine_set is defined, which should be spelled correctly as deadline_set. Moreover, in the function set_deadline, the state of the deadline_set variable is not set to true.
Vulnerability Details
pub struct Fund {
pub name: String,
pub description: String,
pub goal: u64,
pub deadline: u64,
pub creator: Pubkey,
pub amount_raised: u64,
//❌Incorrect variable name
pub dealine_set: bool,
}
pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
//❌Incorrect variable name
if fund.dealine_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
fund.deadline = deadline;
//The status of fund.dealine_set has not been changed.
Ok(())
}
Impact
1.When creating a crowdfunding campaign, repeatedly call set_deadline.
2.When the activity is close to failing, reset the deadline to delay its failure.
Tools Used
Manual Review
Recommendations
Modify the method and variable name of the structure to deadline_set, and set the deadline_set state to true.
pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
//✅
if fund.deadline_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
fund.deadline = deadline;
//✅
fund.deadline_set=true;
Ok(())
}
Updates
Appeal created
bube 6 months ago
Submission Judgement Published Assigned finding tags:
Deadline set flag is not updated in `set_deadline` function
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.