RustFund
First Flight #36
Beginner FriendlyRust
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

M-01. Missing Minimum Value Validation in Campaign Goals and Contributions

micklondonjr

M-01. Missing Minimum Value Validation in Campaign Goals and Contributions

Severity: Medium

Category: Economic Security / Input Validation

Summary

The RustFund protocol lacks minimum threshold validations for campaign goals and contributions, permitting the creation of economically trivial campaigns with values as low as 1 lamport. This can result in numerous economically irrelevant campaigns, blockchain bloat, and unnecessary complexity.

Vulnerability Details

The functions fundCreate and contribute in lib.rs lack validation to enforce minimum acceptable thresholds. As a result:

  • Campaigns can be created with negligible economic value (1 lamport).

  • Contributions as small as 1 lamport are accepted without restrictions.

  • No checks exist to prevent economically meaningless transactions.

Impact

  • Enables proliferation of micro-campaigns with insignificant economic impact.

  • Potential for increased blockchain bloat and unnecessary computational overhead.

  • Disproportionate transaction fees relative to actual campaign economic value.

  • Increased complexity in accounting and user interface representations.

Proof of Concept

// Create fund with a minimal goal (1 lamport)
await program.methods
.fundCreate(FUND_NAME, "Boundary test", new anchor.BN(1))
.accounts({ fund, creator: creator.publicKey, systemProgram: SystemProgram.programId })
.signers([creator])
.rpc();
// Contribute 1 lamport
await program.methods
.contribute(new anchor.BN(1))
.accounts({
fund,
contributor: contributor.publicKey,
contribution,
systemProgram: SystemProgram.programId,
})
.signers([contributor])
.rpc();
// Verify fund state
const fundData = await program.account.fund.fetch(fund);
console.log("Fund amount raised:", fundData.amountRaised.toString(), "lamports");
console.log("Fund goal:", fundData.goal.toString(), "lamports");
/* OUTPUT:
Testing micro-contribution boundary conditions
Fund created with 1 lamport goal
Contribution of 1 lamport accepted
Fund amount raised: 1 lamports
Fund goal: 1 lamports
Protocol accepts micro-values (1 lamport) with no minimum validation
*/

Tools Used

  • Manual code review

  • Anchor test framework

Recommended Mitigation

Implement explicit minimum thresholds for campaign goals and contributions within the fundCreate and contribute functions.

// In fundCreate
require!(goal >= MIN_GOAL_AMOUNT, ErrorCode::GoalTooSmall);
// In contribute
require!(amount >= MIN_CONTRIBUTION_AMOUNT, ErrorCode::ContributionTooSmall);
// Define constants (example values)
pub const MIN_GOAL_AMOUNT: u64 = 1_000_000; // 0.001 SOL
pub const MIN_CONTRIBUTION_AMOUNT: u64 = 100_000; // 0.0001 SOL
// Add error codes
#[error_code]
pub enum ErrorCode {
#[msg("Goal amount is too small")]
GoalTooSmall,
#[msg("Contribution amount is too small")]
ContributionTooSmall,
}
Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

[Invalid] Lack of minimal `amount` in `contribute` function

If user contributes 0 SOL, the `contribution.amount` will be updated with 0 value. There is no impact on the protocol. Also, the new contributers should pay for account creation, therefore there is no incentive someone to create a very huge number of accounts to contribute zero amount.

No minimal amount for the `goal` in `fund_create` is greater than 0

If the `goal` is 0, the campaign goal is achieved immediately and the creator can withdraw the contributors funds. The contributors select themself which campaign to support, therefore I think Low severity is appropriate here.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.