Lack of update in contribution.amount and no check for amount in contribute function
Summary:
Hi,
I have found out a potential bug in which the users contribution amount doesn't update leads to incorrect refund amount and also, the function does not validate the amount.
Vulnerability Details:
The key details of this potential vulnerability are given as follows:
The contribute function does not update the contribution.amount field when a user contributes. This means the contribution amount is not tracked accurately, which affects the refund function's ability to refund the correct amount.
The contribute function does not validate that the amount is greater than zero.
Impact:
Contributors may not be able to refund their contributions correctly, leading to loss of funds.
Contributing zero SOL is meaningless and could lead to unnecessary on-chain storage and computation costs.
Tools Used:
Manual review
Recommendations:
update the
contribution.amountfield in the contribute function.Ensure the amount is greater than zero.
Appeal created
Contribution amount is not updated
[Invalid] Lack of minimal `amount` in `contribute` function
If user contributes 0 SOL, the `contribution.amount` will be updated with 0 value. There is no impact on the protocol. Also, the new contributers should pay for account creation, therefore there is no incentive someone to create a very huge number of accounts to contribute zero amount.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.