RustFund

First Flight #36

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

`contribution.amount` is not updated in the `contribute` function

dethera

Summary

Inside the contribute function, contribution.amount is not updated after a contributor sends SOL to the chosen fund.

Vulnerability Details

Inside the contribute function, a contributor sends SOL to the fund he has chosen to contribute to. The SOL transferred to the fund is correctly tracked in the fund and the fund's amount_raised is increased by amount:

fund.amount_raised += amount;

However, the user contribution is not tracked in the contribution account of the user for the fund and contribution.amount remains the same, although the user contribution has increased.

Impact

Not updating contribution.amount inside the contribute function after a SOL contribution has been done, means that the contibutor would not be able to take the contributed SOL back (if he decides to do so) by calling the refund function - this is because contribution.amount is not updated in the contribute function. Thus, inside the refund function, the refund amount a contributor is eligible to take back will always be 0:

let amount = ctx.accounts.contribution.amount; //@audit -> amount will always be 0 here

As a result, the refund function is unusable, which makes part of protocol's functionality completely unusable.

Tools Used

Manual Review

Recommendations

Track the amount a user has contributed to a fund by updating contribution.amount of that user for the fund inside the contribute function. Fixed contribute function would look like so:

pub fn contribute(ctx: Context<FundContribute>, amount: u64) -> Result<()> {

let fund = &mut ctx.accounts.fund;

let contribution = &mut ctx.accounts.contribution;

if fund.deadline != 0 && fund.deadline < Clock::get().unwrap().unix_timestamp.try_into().unwrap() {

return Err(ErrorCode::DeadlineReached.into());

}

// Initialize or update contribution record

if contribution.contributor == Pubkey::default() {

contribution.contributor = ctx.accounts.contributor.key();

contribution.fund = fund.key();

contribution.amount = 0;

}

// Transfer SOL from contributor to fund account

let cpi_context = CpiContext::new(

ctx.accounts.system_program.to_account_info(),

system_program::Transfer {

from: ctx.accounts.contributor.to_account_info(),

to: fund.to_account_info(),

);

system_program::transfer(cpi_context, amount)?;

@> contribution.amount += amount;

fund.amount_raised += amount;

Ok(())

}

Updates

Appeal created

bube Lead Judge 8 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Contribution amount is not updated

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.