Submission Details
Severity:
Deadline can be set several times
Summary
set_deadline can be called several times when it is supposed to be called only once given this condition:
if fund.dealine_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
Vulnerability Details
Outdated deadline_set allows anyone to set deadline as many times as they wish. deadline_set will always be true
This line will never be executed: return Err(ErrorCode::DeadlineAlreadySet.into());
Impact
Deadline can be reset several times which goes against the intent of the code. These are some impacts that can occur:
Contribution can be interrupted to start refunds
Refunds can be interrupted to go back to contributions
Tools Used
Manual review
Recommendations
pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
if fund.dealine_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
+ fund.dealine_set = true;
fund.deadline = deadline;
Ok(())
}
Updates
Appeal created
bube 6 months ago
Submission Judgement Published Assigned finding tags:
Deadline set flag is not updated in `set_deadline` function
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.