RustFund

First Flight #36
Beginner Friendly, Rust
Submission Details
Severity: low
Invalid

L-01. Missing Metadata Length Validation

Severity: Low
Category: Input Validation / Denial of Service (DoS) Protection

Summary

The RustFund protocol lacks explicit validation for the length of fund names and descriptions, relying instead on implicit system limits. This can result in unclear transaction failures and suboptimal user experience.

Vulnerability Details

The fundCreate function in lib.rs accepts arbitrary-length strings for fund names and descriptions without explicit validation checks. Although Solana implicitly limits transaction sizes, exceeding these limits results in low-level encoding errors rather than informative protocol-level messages.

Specifically impacted components:

  • File: lib.rs

  • Function: fundCreate

  • Struct: Fund

Impact

  • Unclear and cryptic errors ("encoding overruns Buffer") when limits are exceeded.

  • Potential for wasted transaction fees on failed submissions.

  • Poor user experience due to lack of explicit validation feedback.

Proof of Concept (PoC)

// Create a long description string
const fundName = "TestFund";
const longDescription = "B".repeat(10000); // 10,000 characters

// Attempt to create fund with normal name but excessive description
try {
  await program.methods
    .fundCreate(fundName, longDescription, new anchor.BN(1000000000))
    .accounts({ fund, creator: creator.publicKey, systemProgram: SystemProgram.programId })
    .signers([creator])
    .rpc();

  // Verify the description was stored
  const fundData = await program.account.fund.fetch(fund);
  console.log(`Description length stored: ${fundData.description.length} characters`);
} catch (e) {
  console.log("Fund creation failed:", e.message);
}

/* OUTPUT:
Creating fund with 10,000-character description...
Fund creation failed: encoding overruns Buffer
*/

Tools Used

  • Manual Review

  • Anchor Framework

Recommendations

Explicitly enforce reasonable limits for metadata length, improving clarity and user experience:

pub fn fund_create(ctx: Context<FundCreate>, name: String, description: String, goal: u64) -> Result<()> {
+ require!(name.len() <= 50, ErrorCode::NameTooLong);
+ require!(description.len() <= 1000, ErrorCode::DescriptionTooLong);
// existing code...
}
#[error_code]
pub enum ErrorCode {
// existing errors...
+ #[msg("Fund name exceeds maximum length")]
+ NameTooLong,
+ #[msg("Fund description exceeds maximum length")]
+ DescriptionTooLong,
}
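
Review bot: the bounds in the two added require! lines (50 for name, 1000 for description) are hard-coded literals that do not match the limits declared on the Fund struct, which the judge's comment on this page quotes as #[max_len(200)] for name and #[max_len(5000)] for the field that follows. Define the limits once as constants and use them for both the struct attributes and these checks, so the instruction-level validation and the account space calculation cannot drift apart. Note also that String::len() returns a UTF-8 byte count, so the messages "Fund name exceeds maximum length" and "Fund description exceeds maximum length" should state that the limit is in bytes.
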
Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Lack of length validation of `name` and `description` in `fund_create` function

There is a validation for the lengths of `name` and `description` in `fund_create` function:

```
pub struct Fund {
    #[max_len(200)]
    pub name: String,
    #[max_len(5000)]
    .....
}
```

Anchor will check for the lengths of these parameters and the function will fail if they have more characters than the constraints.
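
An added example, not code from the submission, the judge, or the RustFund repository: a standalone byte-length check that returns named errors, using the `#[max_len]` values quoted above as its limits. The helper and error names are hypothetical, `PACKET_DATA_SIZE` is Solana's 1232-byte transaction size limit, and applying 5000 to `description` is an assumption because the quoted struct elides that field name.

```rust
// Added illustration, not RustFund code. Limits mirror the #[max_len] values
// quoted in the judge's comment; helper and error names are hypothetical.
pub const MAX_NAME_BYTES: usize = 200;
pub const MAX_DESCRIPTION_BYTES: usize = 5000; // assumed to apply to `description`
// Solana's maximum serialized transaction size (PACKET_DATA_SIZE).
pub const PACKET_DATA_SIZE: usize = 1232;

#[derive(Debug, PartialEq, Eq)]
pub enum MetadataError {
    NameTooLong { bytes: usize },
    DescriptionTooLong { bytes: usize },
    ExceedsPacket { arg_bytes: usize },
}

/// Borsh writes a String as a u32 byte-length prefix plus its UTF-8 bytes.
pub fn borsh_string_size(s: &str) -> usize {
    4 + s.len()
}

/// Returns the Borsh-encoded size of both strings, or a named error.
pub fn validate_metadata(name: &str, description: &str) -> Result<usize, MetadataError> {
    // str::len() is a byte count, the unit account space is measured in;
    // chars().count() would under-count multi-byte text.
    if name.len() > MAX_NAME_BYTES {
        return Err(MetadataError::NameTooLong { bytes: name.len() });
    }
    if description.len() > MAX_DESCRIPTION_BYTES {
        return Err(MetadataError::DescriptionTooLong { bytes: description.len() });
    }
    let arg_bytes = borsh_string_size(name) + borsh_string_size(description);
    // Arguments larger than one packet can never arrive in a single transaction.
    if arg_bytes > PACKET_DATA_SIZE {
        return Err(MetadataError::ExceedsPacket { arg_bytes });
    }
    Ok(arg_bytes)
}

fn main() {
    // Constructed inputs: the PoC's 10,000-byte description, a 150-character
    // (300-byte) name, a description under max_len but over one packet, a valid pair.
    let long = "B".repeat(10_000);
    let accented = "é".repeat(150);
    let mid = "B".repeat(2_000);
    let cases = [("TestFund", long.as_str()), (accented.as_str(), "ok"),
                 ("TestFund", mid.as_str()), ("TestFund", "Community garden")];
    for (name, desc) in cases {
        println!("{:?}", validate_metadata(name, desc));
    }
}
```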
