RustFund

First Flight #36
Beginner Friendly, Rust
100 EXP
Submission Details
Severity: medium
Valid

A user can drain the contract.

Summary

A user can create a new fund and can drain the whole contract.

Vulnerability Details

(This finding assumes the bug in the `contribute` function has been fixed, i.e. the contribution amount for the user is incremented.)

lib.rs lets users contribute to funds, and the owner account can withdraw them by calling `withdraw`. Contributors can also use the `refund` function to withdraw their funds before a set amount of time. However, when a malicious user carries out the following exploit, the whole contract is drained.

Attack Path

Assume the funds available exceed the attack amount.

A malicious user, Bob, creates a fund and contributes the "Attack Amount" to that same fund. This changes two values in his fund: the amount contributed by Bob and `fund.amount_raised`. He then calls the `refund` function, which returns his contributed amount, and then `withdraw`. This way he can withdraw his amount twice.

Impact

Funds will be stolen.

Tools Used

Manual analysis/Auditing

Recommendations

To fix this problem, account for the edge case where the owner is also the contributor (owner = contributor), and account for both `fund.amount_raised` and the contribution.
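
The accounting gap described above, next to a `refund` that also updates `amount_raised`, as an added example that is not part of the original submission or the RustFund code. It is a simplified in-memory model: the `Fund` and `Program` structs, the shared `vault` balance and the `fixed` flag are assumptions, and deadline and goal checks are left out.

```rust
use std::collections::HashMap;
// Simplified model, not the RustFund program; only `amount_raised` and the function names come from the page.
struct Fund {
    owner: &'static str,
    amount_raised: u64,                        // paid to the owner by `withdraw`
    contributions: HashMap<&'static str, u64>, // paid back per user by `refund`
}
struct Program {
    vault: u64, // assumption: one balance holding every user's deposits
    fund: Fund,
}

impl Program {
    fn contribute(&mut self, user: &'static str, amount: u64) {
        self.vault += amount;
        self.fund.amount_raised += amount;
        *self.fund.contributions.entry(user).or_insert(0) += amount;
    }

    // `fixed == false` models the reported behaviour: `amount_raised` is left untouched.
    fn refund(&mut self, user: &'static str, fixed: bool) -> Result<u64, &'static str> {
        let amount = self.fund.contributions.remove(user).ok_or("nothing to refund")?;
        self.vault = self.vault.checked_sub(amount).ok_or("vault underflow")?;
        if fixed {
            self.fund.amount_raised -= amount; // keep amount_raised == sum(contributions)
        }
        Ok(amount)
    }

    fn withdraw(&mut self, caller: &'static str) -> Result<u64, &'static str> {
        if caller != self.fund.owner { return Err("not the owner"); }
        let amount = self.fund.amount_raised;
        self.vault = self.vault.checked_sub(amount).ok_or("vault underflow")?;
        self.fund.amount_raised = 0;
        Ok(amount)
    }
}

// Constructed scenario: 100 from other users in the vault, owner deposits 50; returns (paid to owner, vault left).
fn scenario(fixed: bool) -> (u64, u64) {
    let fund = Fund { owner: "bob", amount_raised: 0, contributions: HashMap::new() };
    let mut p = Program { vault: 100, fund };
    p.contribute("bob", 50);
    let paid = p.refund("bob", fixed).unwrap() + p.withdraw("bob").unwrap();
    (paid, p.vault)
}

fn main() {
    println!("unpatched {:?}, patched {:?}", scenario(false), scenario(true));
}
```

In the unpatched run the owner is paid more than he deposited and the vault ends below the other users' deposits; in the patched run the invariant `amount_raised == sum(contributions)` holds and `withdraw` pays nothing after the refund.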

Updates

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`amount_raised` not updated in `refund` function
