RustFund

First Flight #36

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Withdrawal Deadline Vulnerability

0xblackadam

Summary

The current implementation of the withdrawal mechanism lacks robust deadline enforcement, creating a significant security and trust vulnerability in the crowdfunding platform.

Vulnerability Details

pub fn withdraw(ctx: Context<FundWithdraw>) -> Result<()> {

let amount = ctx.accounts.fund.amount_raised;

**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =

ctx.accounts.fund.to_account_info().lamports()

.checked_sub(amount)

.ok_or(ProgramError::InsufficientFunds)?;

**ctx.accounts.creator.to_account_info().try_borrow_mut_lamports()? =

ctx.accounts.creator.to_account_info().lamports()

.checked_add(amount)

.ok_or(ErrorCode::CalculationOverflow)?;

Ok(())

}

The withdraw function completely lacks deadline checking
Creators can potentially withdraw funds:
- Before the campaign deadline
- Regardless of fundraising goal achievement

Proof of Concept

Creator launches campaign
Receives partial contributions
Withdraws funds immediately
Contributors keeps funding

Impact

Financial loss for contributors
Erosion of platform trust
Potential legal complications
Breaks the documentation
OverContribution to the campaign

Recommendation

pub fn withdraw(ctx: Context<FundWithdraw>) -> Result<()> {

let fund = &ctx.accounts.fund;

let current_time = Clock::get()?.unix_timestamp;

// Validate deadline

if fund.deadline == 0 || current_time < fund.deadline {

return Err(ErrorCode::WithdrawalTooEarly.into());

}

let amount = fund.amount_raised;

// Existing transfer logic with added validation

**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =

ctx.accounts.fund.to_account_info().lamports()

.checked_sub(amount)

.ok_or(ProgramError::InsufficientFunds)?;

**ctx.accounts.creator.to_account_info().try_borrow_mut_lamports()? =

ctx.accounts.creator.to_account_info().lamports()

.checked_add(amount)

.ok_or(ErrorCode::CalculationOverflow)?;

Ok(())

}

// Additional Error Codes

#[error_code]

pub enum ErrorCode {

// Existing error codes

WithdrawalTooEarly,

}

Updates

Appeal created

bube Lead Judge 5 months ago

Submission Judgement Published

Validated

Assigned finding tags:

No deadline check in `withdraw` function

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.