Submission Details
Severity:
Failure to increment contribution in `RustFund::contribute()` will result to loss of funds
Summary
`RustFund::contribute()allow users to contribute fund to the campaign but the value is initialised as 0 and not incremeted after the contribution. This will result in the contributors not been able to withdraw their funds incase the goal is not met since their contributions are recorded as 0 by the protocol
Vulnerability Details
The contributions are initialised to 0 but not incremeted after the fund has been tranfered to the campaign fund as illustrated below
// Initialize or update contribution record
if contribution.contributor == Pubkey::default() {
contribution.contributor = ctx.accounts.contributor.key();
contribution.fund = fund.key();
//contribution is initialise as 0
contribution.amount = 0;
}
// Transfer SOL from contributor to fund account
let cpi_context = CpiContext::new(
ctx.accounts.system_program.to_account_info(),
system_program::Transfer {
from: ctx.accounts.contributor.to_account_info(),
to: fund.to_account_info(),
},
);
system_program::transfer(cpi_context, amount)?;
// the fund is incremented but the contribution by the user is not updated
fund.amount_raised += amount;
Ok(())
Impact
Loss of contributed fund
Tools Used
Manual review
Recommendations
After the fund has been updated, the contributions should also be incremented
fund.amount_raised.checked_add(amount);
contribution.amount.checked_add(amount);
Ok(())
Updates
Appeal created
bube 5 months ago
Submission Judgement Published Assigned finding tags:
Contribution amount is not updated
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.