RustFund

First Flight #36
Submission Details
Severity: high
Valid

Unrestricted fund withdrawal for creators

Summary

The `withdraw` function allows the fund creator to withdraw all accumulated funds at any time, regardless of whether the deadline has passed or the funding goal has been met. This is a critical vulnerability: the creator can drain the funds repeatedly and keep the goal from ever being reached.

Vulnerability Details

The withdraw function permits the creator to withdraw the entire amount_raised without any checks on:

  1. Whether the deadline has been reached

  2. Whether the funding goal has been achieved

```rust
//@audit no funding goal and deadline checks when the creator calls withdraw
pub fn withdraw(ctx: Context<FundWithdraw>) -> Result<()> {
    let amount = ctx.accounts.fund.amount_raised;

    **ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =
        ctx.accounts.fund.to_account_info().lamports()
        .checked_sub(amount)
        .ok_or(ProgramError::InsufficientFunds)?;

    **ctx.accounts.creator.to_account_info().try_borrow_mut_lamports()? =
        ctx.accounts.creator.to_account_info().lamports()
        .checked_add(amount)
        .ok_or(ErrorCode::CalculationOverflow)?;

    Ok(())
}
```

Impact

A malicious creator could create a fund, wait for contributions, withdraw all funds, and repeat this process indefinitely.

Tools Used

Manual review

Recommendations

Add a deadline check and a funding goal check to `withdraw`.
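The two recommended checks, sketched as an added example in plain Rust (not the contest code and not Anchor code). Only `amount_raised` comes from the snippet above; the `goal` and `deadline` fields, the `WithdrawError` enum, `withdraw_checked`, and the rule that withdrawal is allowed only once the deadline has been reached and the goal has been met are assumptions.

```rust
// Added example: std-only model of the fund, no Anchor or Solana crates.
// `goal`, `deadline`, `WithdrawError` and `withdraw_checked` are hypothetical names.
#[derive(Debug, PartialEq)]
pub enum WithdrawError {
    DeadlineNotReached,
    GoalNotMet,
    InsufficientFunds,
    CalculationOverflow,
}

pub struct Fund {
    pub goal: u64,          // assumed field: funding target in lamports
    pub deadline: u64,      // assumed field: unix timestamp
    pub amount_raised: u64, // field used by the withdraw function on this page
    pub lamports: u64,      // stands in for the fund account's lamport balance
}

/// Moves `amount_raised` from the fund to the creator only after both checks pass.
pub fn withdraw_checked(
    fund: &mut Fund,
    creator_lamports: &mut u64,
    now: u64,
) -> Result<u64, WithdrawError> {
    // Check 1: the campaign must have reached its deadline.
    if now < fund.deadline {
        return Err(WithdrawError::DeadlineNotReached);
    }
    // Check 2: contributions must have reached the goal.
    if fund.amount_raised < fund.goal {
        return Err(WithdrawError::GoalNotMet);
    }
    let amount = fund.amount_raised;
    // Compute both new balances before writing either, so an error changes nothing.
    let new_fund = fund.lamports.checked_sub(amount).ok_or(WithdrawError::InsufficientFunds)?;
    let new_creator = creator_lamports.checked_add(amount).ok_or(WithdrawError::CalculationOverflow)?;
    fund.lamports = new_fund;
    *creator_lamports = new_creator;
    Ok(amount)
}

fn main() {
    // Constructed sample values.
    let mut fund = Fund { goal: 1_000, deadline: 1_700_000_000, amount_raised: 400, lamports: 2_400 };
    let mut creator = 50u64;
    println!("{:?}", withdraw_checked(&mut fund, &mut creator, 1_600_000_000)); // before the deadline
    println!("{:?}", withdraw_checked(&mut fund, &mut creator, 1_700_000_001)); // goal not met
    fund.amount_raised = 1_000;
    println!("{:?}", withdraw_checked(&mut fund, &mut creator, 1_700_000_001)); // both checks pass
}
```

In an Anchor program the timestamp would normally come from the `Clock` sysvar rather than a parameter.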

Updates

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No deadline check in `withdraw` function

No goal achievement check in `withdraw` function
