RustFund

First Flight #36
Submission Details
Severity: high
Valid

Missing Deadline Enforcement

Summary

The contract does not verify whether the campaign deadline has passed before authorizing donations or withdrawals. This means users can continue to interact with the campaign even after it is set to terminate.

Vulnerability Details

The contract does not enforce campaign deadlines, allowing contributions and withdrawals beyond the intended campaign period.

Impact

  1. Late contributions could be made beyond the campaign's intended timeframe.

  2. Withdrawals could happen indefinitely, leading to potential disputes and financial loss.

Tools Used

```rust
pub fn contribute(ctx: Context<Contribute>, amount: u64) -> ProgramResult {
    let campaign = &mut ctx.accounts.campaign;
    // Missing deadline check
    // Contributions can happen anytime, even after the campaign ends
    Ok(())
}
```

Recommendations

  1. Enforce a deadline check before processing contributions or withdrawals.

  2. Reject transactions if the campaign has expired.

```rust
pub fn contribute(ctx: Context<Contribute>, amount: u64) -> ProgramResult {
    let campaign = &mut ctx.accounts.campaign;
    let current_time = Clock::get()?.unix_timestamp;
    // Enforce deadline
    if current_time > campaign.deadline {
        return Err(ProgramError::Custom(2)); // Campaign has ended
    }
    // Proceed with contribution logic
    campaign.total_amount += amount;
    Ok(())
}
```
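
The guard recommended above, modelled in plain Rust so its boundary cases can be exercised off-chain. This is an added example, not code from the submission or the RustFund program: `Campaign`, `CampaignError`, the `now` argument (standing in for `Clock::get()?.unix_timestamp`) and the treatment of `deadline == 0` as "not set" are assumptions.

```rust
// Added example: plain-Rust model of the deadline guard, no Anchor dependency.
// `Campaign`, `CampaignError` and the `now` argument are illustrative assumptions.

#[derive(Debug, PartialEq)]
pub enum CampaignError {
    DeadlineNotSet, // assumption: deadline == 0 means "never configured"
    CampaignEnded,  // plays the role of ProgramError::Custom(2) above
    AmountOverflow,
}

pub struct Campaign {
    pub deadline: i64, // unix timestamp, same unit as Clock's unix_timestamp
    pub total_amount: u64,
}

impl Campaign {
    /// Guard evaluated before `contribute` changes any state.
    pub fn ensure_open(&self, now: i64) -> Result<(), CampaignError> {
        if self.deadline == 0 {
            return Err(CampaignError::DeadlineNotSet);
        }
        if now > self.deadline {
            return Err(CampaignError::CampaignEnded);
        }
        Ok(())
    }

    pub fn contribute(&mut self, amount: u64, now: i64) -> Result<(), CampaignError> {
        self.ensure_open(now)?;
        // checked_add rejects the call instead of wrapping the running total.
        self.total_amount = self
            .total_amount
            .checked_add(amount)
            .ok_or(CampaignError::AmountOverflow)?;
        Ok(())
    }
}

fn main() {
    // Constructed sample values.
    let mut c = Campaign { deadline: 1_700_000_000, total_amount: 0 };
    println!("{:?}", c.contribute(50, 1_699_999_999)); // before the deadline
    println!("{:?}", c.contribute(50, 1_700_000_000)); // exactly at the deadline
    println!("{:?}", c.contribute(50, 1_700_000_001)); // after the deadline
    println!("total = {}", c.total_amount);
}
```

With the `>` comparison used in the recommendation, a contribution stamped exactly at the deadline is still accepted; use `>=` if the deadline itself should be exclusive.
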
Updates

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No deadline check in `withdraw` function
