RustFund

First Flight #36
Submission Details
Severity: medium
Invalid

M-04. Missing Maximum Value Validation

Severity: Medium
Category: Input Validation / Arithmetic Safety

Summary

The RustFund protocol accepts arbitrarily large values (up to the maximum u64 value) for campaign goals without validation, risking arithmetic overflow and unrealistic fund scenarios.

Vulnerability Details

The fund_create instruction in lib.rs (called as fundCreate from the Anchor client) lacks input validation for the campaign goal, permitting extremely high goals (up to 18446744073709551615, the maximum value for a u64).

Affected Component:

  • File: lib.rs

  • Function: fundCreate

The vulnerability arises due to the absence of checks to enforce realistic maximum limits:

pub fn fund_create(ctx: Context<FundCreate>, name: String, description: String, goal: u64) -> Result<()> {
    // No upper-bound check on goal
    let fund = &mut ctx.accounts.fund;
    fund.goal = goal;
    // Other fund initialization logic...
    Ok(())
}

Impact

  • Possibility of arithmetic overflow in calculations involving large campaign goals.

  • Creation of economically impossible or nonsensical campaigns.

  • Risk of financial and accounting inconsistencies.
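
The overflow concern above, worked through as an added example in plain Rust (not code from RustFund or from the submission). MAX_GOAL_AMOUNT mirrors the example cap recommended on this page; the basis-point calculation, the zero check and all other names are hypothetical assumptions.

```rust
use std::convert::TryFrom;

// Added example in plain Rust (no Anchor dependency); all names are hypothetical
// except MAX_GOAL_AMOUNT, which mirrors the example cap suggested on this page.
const LAMPORTS_PER_SOL: u64 = 1_000_000_000;
const MAX_GOAL_AMOUNT: u64 = 1_000_000_000 * LAMPORTS_PER_SOL; // 10^18 lamports

#[derive(Debug, PartialEq)]
enum GoalError {
    Zero,
    TooLarge,
    Overflow,
}

/// Accept only goals in 1..=MAX_GOAL_AMOUNT (the zero check is an added assumption).
fn validate_goal(goal: u64) -> Result<u64, GoalError> {
    match goal {
        0 => Err(GoalError::Zero),
        g if g > MAX_GOAL_AMOUNT => Err(GoalError::TooLarge),
        g => Ok(g),
    }
}

/// Hypothetical downstream calculation: `bps` basis points of the goal, in u64.
/// checked_mul reports the overflow that a plain `*` would panic on or wrap.
fn share_checked(goal: u64, bps: u64) -> Result<u64, GoalError> {
    goal.checked_mul(bps).map(|v| v / 10_000).ok_or(GoalError::Overflow)
}

/// Same calculation with a u128 intermediate, so any validated goal is safe.
fn share_widened(goal: u64, bps: u64) -> Result<u64, GoalError> {
    let wide = u128::from(goal) * u128::from(bps) / 10_000;
    u64::try_from(wide).map_err(|_| GoalError::Overflow)
}

fn main() {
    // Constructed inputs: the PoC's u64::MAX goal and a goal exactly at the cap.
    println!("{:?}", validate_goal(u64::MAX));
    println!("{:?}", validate_goal(MAX_GOAL_AMOUNT));
    // 10^18 * 250 exceeds u64::MAX, so the cap alone does not protect this math.
    println!("{:?}", share_checked(MAX_GOAL_AMOUNT, 250));
    println!("{:?}", share_widened(MAX_GOAL_AMOUNT, 250));
}
```

A cap of 10^18 lamports leaves only a factor of about 18 before u64::MAX, so the bound has to be chosen against the arithmetic that consumes the goal, or that arithmetic has to be checked or widened.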

Proof of Concept (PoC)

// Fragment of an Anchor test: program, creator, fund1 and FUND_NAME come from the test setup.
// Define maximum u64 value
const MAX_U64 = BigInt('18446744073709551615');
// Create fund with maximum u64 goal
await program.methods
  .fundCreate(
    FUND_NAME,
    "Max value test",
    new anchor.BN(MAX_U64.toString())
  )
  .accounts({ fund: fund1, creator: creator.publicKey, systemProgram: SystemProgram.programId })
  .signers([creator])
  .rpc();
// Verify fund was created with maximum value
const fundData = await program.account.fund.fetch(fund1);
console.log(`Fund goal: ${fundData.goal.toString()}`);
console.log(`Fund goal equals MAX_U64: ${fundData.goal.toString() === MAX_U64.toString()}`);
/* OUTPUT:
Creating fund with near-maximum goal...
Fund created with MAX_U64 goal
Checking if creation succeeded by fetching fund data...
Fund goal: 18446744073709551615
Fund goal equals MAX_U64: true
No maximum value validation on fund goal
*/

Tools Used

  • Manual Review

  • Anchor Framework

Recommendations

Implement input validation in fundCreate to enforce realistic campaign goals:

+ pub const MAX_GOAL_AMOUNT: u64 = 1_000_000_000 * LAMPORTS_PER_SOL; // Example maximum (1B SOL)
pub fn fund_create(ctx: Context<FundCreate>, name: String, description: String, goal: u64) -> Result<()> {
+ require!(goal <= MAX_GOAL_AMOUNT, ErrorCode::GoalTooLarge);
let fund = &mut ctx.accounts.fund;
fund.goal = goal;
// other initialization logic...
Ok(())
}
// Add error code
#[error_code]
pub enum ErrorCode {
+ #[msg("Goal amount exceeds maximum allowed")]
+ GoalTooLarge,
}
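
Review bot: the cap in MAX_GOAL_AMOUNT works out to 10^18 lamports, which is within a factor of about 18 of u64::MAX, so the `require!(goal <= MAX_GOAL_AMOUNT, ...)` line bounds the stored value but does not by itself rule out overflow wherever goal is later multiplied. Derive the cap from the arithmetic that consumes goal, or use checked operations at those sites. The check also still accepts goal = 0, and the hunk does not show LAMPORTS_PER_SOL being brought into scope for the new constant.
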
Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
