Potential integer overflow in `fund.amount_raised` tracking
Summary
The current implementation lacks explicit overflow checking when updating the amount_raised field, which could lead to unexpected behavior if the total contributions exceed the maximum u64 value.
Vulnerability Details
Lack of explicit overflow check in fund.amount_raised += amount could lead to unexpected fund amount reset if total contributions exceed u64 maximum value. When using the u64 type, an overflow would cause the value to wrap around silently, potentially resetting the fund's total raised amount to zero.
Relevant code: https://github.com/CodeHawks-Contests/2025-03-rustfund/blob/b5dd7b0ec01471667ae3a02520701aae405ac857/programs/rustfund/src/lib.rs#L50
Impact
The likelihood of such raising such a high amount is low but if it happens the amoun_raised would be reset to zero.
Tools Used
Manual
Recommendations
Implement checked addition instead:
Appeal created
[Invalid] Arithmetic overflow in `contribute` function
The max value of u64 is: 18,446,744,073,709,551,615 or around 18.4 billion SOL, given that the total supply of SOL on Solana is 512.50M, the scenario when the `contribute` function will revert due to overflow is very very unlikely to happen. Therefore, this is informational finding.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.