RustFund

First Flight #36
Submission Details
Severity: medium
Invalid

M-03: Typographical Error in `Fund` Struct Prevents Proper Deadline Enforcement

Severity: Medium
Category: State Management / Input Validation

Summary

The RustFund protocol's `Fund` struct contains a typographical error, misspelling `deadlineSet` as `dealineSet`. This typo causes inconsistent referencing and updating of the state, making deadline validation ineffective and allowing multiple deadline changes.

Vulnerability Details

Root cause:
A typographical error in the naming of the state-tracking boolean (`dealineSet` instead of `deadlineSet`) within the `Fund` struct results in the improper handling of state checks in the `setDeadline` function.

Vulnerable Component:

  • File: `lib.rs`

  • Struct: `Fund`

  • Field: `dealineSet` (should be `deadlineSet`)

  • Function: `setDeadline`

Impact:

  • Campaign deadlines become mutable indefinitely.

  • Contributors are unable to rely on stable timelines.

  • Violates core protocol assumptions around state immutability.

Steps to Reproduce

  1. Create a new fund.

  2. Set an initial deadline.

  3. Verify that the incorrectly named `dealineSet` flag remains false.

  4. Successfully set another deadline, bypassing intended restrictions.

Proof of Concept

// Create fund
await program.methods
  .fundCreate(FUND_NAME, "Typo test", new anchor.BN(5 * LAMPORTS_PER_SOL))
  .accounts({ fund, creator: creator.publicKey, systemProgram: SystemProgram.programId })
  .signers([creator])
  .rpc();

// Check struct for misspelling
const fundData = await program.account.fund.fetch(fund);
console.log("Field name inspection:", Object.keys(fundData).filter(k => k.includes("line")));
console.log("Misspelled field value:", fundData.dealineSet);

// Set deadline first time
await program.methods
  .setDeadline(new anchor.BN(Math.floor(Date.now() / 1000) + 86400))
  .accounts({ fund, creator: creator.publicKey })
  .signers([creator])
  .rpc();

// Verify the flag wasn't updated due to the typo
const fundDataAfter = await program.account.fund.fetch(fund);
console.log("After setting deadline, misspelled flag value:", fundDataAfter.dealineSet);

// Set deadline again (should fail but succeeds due to typo)
await program.methods
  .setDeadline(new anchor.BN(Math.floor(Date.now() / 1000) + 172800))
  .accounts({ fund, creator: creator.publicKey })
  .signers([creator])
  .rpc();

/* OUTPUT:
Field name inspection: ["dealineSet"]
Misspelled field value: false
After setting deadline, misspelled flag value: false
Successfully set deadline multiple times due to typo in field name
*/

Tools Used

  • Manual code review

  • Anchor test framework

Recommended Mitigation

Step 1: Correct the typo in the struct definition:

pub struct Fund {
    // other fields...
    pub deadlineSet: bool, // Corrected from dealineSet
}

Step 2: Update all references consistently, especially within `setDeadline`:

pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
    let fund = &mut ctx.accounts.fund;
    if fund.deadlineSet {
        return Err(ErrorCode::DeadlineAlreadySet.into());
    }
    fund.deadline = deadline;
    fund.deadlineSet = true; // Properly set the corrected flag
    Ok(())
}

Ensure the error message clearly reflects the fix:

#[error_code]
pub enum ErrorCode {
    // existing errors...
    #[msg("Deadline has already been set")]
    DeadlineAlreadySet,
}
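
The set-once behaviour this report is concerned with, as an added plain-Rust model that is not the project's or the submitter's code: it replays the PoC's two consecutive deadline calls against a guard that writes its flag and against an assumed variant that checks the flag but never writes it. `FundError`, `Setter`, `replay_twice`, the snake_case field names and the timestamps are assumptions made for the example, and no Anchor dependency is used.

```rust
// Added example: plain-Rust model of a set-once deadline guard. Names are illustrative.
#[derive(Debug, PartialEq)]
pub enum FundError {
    DeadlineAlreadySet,
}

#[derive(Debug, Default)]
pub struct Fund {
    pub deadline: u64,
    pub deadline_set: bool,
}

/// Guard as in the recommended mitigation: check the flag, store, then set the flag.
pub fn set_deadline(fund: &mut Fund, deadline: u64) -> Result<(), FundError> {
    if fund.deadline_set {
        return Err(FundError::DeadlineAlreadySet);
    }
    fund.deadline = deadline;
    fund.deadline_set = true;
    Ok(())
}

/// Assumed faulty variant: the flag is checked but never written, so it stays false.
pub fn set_deadline_flag_never_written(fund: &mut Fund, deadline: u64) -> Result<(), FundError> {
    if fund.deadline_set {
        return Err(FundError::DeadlineAlreadySet);
    }
    fund.deadline = deadline;
    Ok(())
}

pub type Setter = fn(&mut Fund, u64) -> Result<(), FundError>;

/// Replays the PoC sequence (two consecutive calls on a fresh fund) and returns
/// the second call's result together with the final state.
pub fn replay_twice(setter: Setter, first: u64, second: u64) -> (Result<(), FundError>, Fund) {
    let mut fund = Fund::default();
    setter(&mut fund, first).expect("first call on a fresh fund must succeed");
    let second_result = setter(&mut fund, second);
    (second_result, fund)
}

fn main() {
    let (now, day) = (1_700_000_000u64, 86_400u64); // constructed timestamps
    let cases = [("flag written", set_deadline as Setter),
                 ("flag never written", set_deadline_flag_never_written as Setter)];
    for (name, setter) in cases {
        let (second, fund) = replay_twice(setter, now + day, now + 2 * day);
        println!("{name}: second call = {second:?}, final deadline = {}", fund.deadline);
    }
}
```

A check of this shape, asserting that the second call fails and the stored deadline is unchanged, is the regression test that distinguishes the two variants regardless of how the field is spelled.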

Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Wrong naming of `deadline_set`

This is a strong informational finding; there is no impact for the protocol. The variable is the same in all places.
