RustFund

First Flight #36

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Inconsistent Fund State Due to Unupdated amount_raised Field

edoscoba

Summary

When a contributor requests a refund, the refunded amount is not deducted from the amount_raised field in the fund account. This inconsistency in state management lead to incorrect reporting of the campaign’s total raised funds, potential operational issues, and misinformed decision-making for both contributors and campaign creators.

Vulnerability Details

When a contributor requests a refund, the contract transfers the specified amount from the fund account back to the contributor's account. However, the contract does not update the amount_raised field, which continues to reflect the original total contributions. This leads to a discrepancy between the actual lamport balance held in the fund account and the recorded amount_raised.

Code Behavior:
The refund function deducts lamports from the fund account and credits the contributor's account, but it does not modify the amount_raised field:

pub fn refund(ctx: Context<FundRefund>) -> Result<()> {

let amount = ctx.accounts.contribution.amount;

if ctx.accounts.fund.deadline != 0 && ctx.accounts.fund.deadline > Clock::get().unwrap().unix_timestamp.try_into().unwrap() {

return Err(ErrorCode::DeadlineNotReached.into());

}

**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =

ctx.accounts.fund.to_account_info().lamports()

.checked_sub(amount)

.ok_or(ProgramError::InsufficientFunds)?;

**ctx.accounts.contributor.to_account_info().try_borrow_mut_lamports()? =

ctx.accounts.contributor.to_account_info().lamports()

.checked_add(amount)

.ok_or(ErrorCode::CalculationOverflow)?;

// Reset contribution amount after refund

ctx.accounts.contribution.amount = 0;

Ok(())

}

let amount = ctx.accounts.contribution.amount;

// ... perform the lamport transfer ...

// Refund logic resets contribution.amount to 0, but fund.amount_raised remains unchanged

This means that even after a refund, the internal state does not accurately reflect the current funds raised.

Impact

State Inconsistency:
The inaccurate amount_raised value lead to an erroneous representation of the campaign's financial state. Any subsequent logic that relies on this variable (such as determining campaign success or calculating additional refunds) produce incorrect results.

Misleading Information:
Contributors and campaign creators might be misled regarding the actual amount of funds available or raised. This could affect decision-making, reporting, and overall trust in the platform.

Tools Used

Manual Review

Recommendations

Modify the refund function to deduct the refunded amount from the amount_raised field.

ctx.accounts.fund.amount_raised = ctx.accounts.fund.amount_raised.checked_sub(amount).ok_or(ProgramError::InsufficientFunds)?;

ensuring that the internal state reflects the new balance after refunds.

Updates

Appeal created

bube Lead Judge 5 months ago

Submission Judgement Published

Validated

Assigned finding tags:

`amount_raised` not updated in `refund` function

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.