RustFund

First Flight #36
Beginner Friendly, Rust
100 EXP
Submission Details
Severity: low
Invalid

No zero amount check in the `contribute` instruction

Summary

There is no zero-amount check on the `amount` parameter passed to the `contribute` instruction, which allows a zero amount to be sent to the fund account.

Vulnerability Details

There is no check at the beginning of the `contribute` instruction, which allows a 0 amount to be sent to the fund account. This isn't an issue, but it isn't something desirable.

Impact

Anyone can send a 0 amount to a fund account.

Recommendations

Add a check at the beginning of the `contribute` function:

pub fn contribute(ctx: Context<FundContribute>, amount: u64) -> Result<()> {
+ if amount == 0 {
+ return Err(ErrorCode::ZeroAmount.into());
+ }
....
....
}
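
Review bot: the zero check at the top of `contribute` can use Anchor's `require!` macro instead of the manual `if` / `return Err(...)`, for example `require!(amount > 0, ErrorCode::ZeroAmount);`. The rest of the body is elided ("...."), so this comment covers only the guard itself; a test that calls `contribute` with `amount = 0` and expects `ZeroAmount` would document the new behaviour.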

Add this enum variant:

#[error_code]
pub enum ErrorCode {
#[msg("Deadline already set")]
DeadlineAlreadySet,
#[msg("Deadline reached")]
DeadlineReached,
#[msg("Deadline not reached")]
DeadlineNotReached,
#[msg("Unauthorized access")]
UnauthorizedAccess,
#[msg("Calculation overflow occurred")]
CalculationOverflow,
+ #[msg("Zero amount")]
+ ZeroAmount
}
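
Review bot: the new `ZeroAmount` variant at the end of `ErrorCode` is missing the trailing comma that every other variant carries, and its message "Zero amount" does not say what was rejected. Suggest `ZeroAmount,` with a message that names the parameter, such as "Contribution amount must be greater than zero".
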
Updates

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Lack of minimal `amount` in `contribute` function

If a user contributes 0 SOL, the `contribution.amount` will be updated with a 0 value. There is no impact on the protocol. Also, new contributors have to pay for account creation, therefore there is no incentive for someone to create a very huge number of accounts to contribute a zero amount.
