In the `refund` function actual SOL transfer via the `system_program` is never performed
Summary
Inside the refund function, contributor is not able to take his contribution back, because there is no SOL transfer performed via the system_program.
Vulnerability Details
Inside the refund function, contributor is expected to take his SOL contribution back from a fund. However, there is no SOL transfer performed via the system_program inside the refund function, which means no SOL is sent back to contributor's wallet, which means the contributor cannot take his SOL contribution back even though that's the idea of the refund function.
Impact
The contributor cannot take his SOL back from the fund, because a system_program SOL transfer is never performed inside the refund function, which means contributor's SOL remains inside the fund forever.
Tools Used
Manual Review
Recommendations
Inside the refund function, make sure that the SOL that the contributor has sent to the fund is correctly sent back to the contributor via a system_program transfer, because SOL transfers in Solana are explicitly performed via the system_program.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.