RustFund

First Flight #36

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Lack of Input Validation for Fund Name, Description, and Goal

0xblackadam

Summary

The contract does not validate the length of the fund name or description, nor does it ensure that the fundraising goal is a non-zero value. This lack of validation can lead to unintended behavior.

Vulnerability Details

The function accepts arbitrary-length names and descriptions, which could exceed storage constraints or lead to unexpected UI behavior.
There is no check to ensure that the goal amount is greater than zero.
Empty names and descriptions could make funds indistinguishable, causing confusion.

pub fn fund_create(ctx: Context<FundCreate>, name: String, description: String, goal: u64) -> Result<()> {

let fund = &mut ctx.accounts.fund;

fund.name = name;

fund.description = description;

fund.goal = goal;

fund.deadline = 0;

fund.creator = ctx.accounts.creator.key();

fund.amount_raised = 0;

fund.dealine_set = false;

Ok(())

}

Impact

Overly long names or descriptions might lead to storage overflow or inefficient space utilization.
A goal of 0 would allow fundraising with no purpose.
Buffer overflow risks

Recommendations

Enforce a maximum length for names and descriptions.
Ensure that the goal amount is greater than zero before fund creation.

if goal == 0 {

return Err(ErrorCode::InvalidGoalAmount.into());

}

Tools Used

Static code analysis
Manual code review
Fuzz testing

Updates

Appeal created

bube Lead Judge 5 months ago

Submission Judgement Published

Validated

Assigned finding tags:

No minimal amount for the `goal` in `fund_create` is greater than 0

If the `goal` is 0, the campaign goal is achieved immediately and the creator can withdraw the contributors funds. The contributors select themself which campaign to support, therefore I think Low severity is appropriate here.

[Invalid] Lack of length validation of `name` and `description` in `fund_create` function

There is a validation for the lengths of `name` and `description` in `fund_create` function: ``` pub struct Fund { #[max_len(200)] pub name: String, #[max_len(5000)] ..... } ``` Anchor will check for the lengths of these parameters and the function will fail if they have more characters than the constraints.

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.