RustFund
First Flight #36
Beginner FriendlyRust
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

deadline_set is not updated in set_deadline function

freesultan

Summary

The set_deadline function checks fund.deadline_set to prevent resetting the deadline but does not set it to true after updating fund.deadline, allowing multiple updates.

Vulnerability Details

The following set_deadline function checks fund.deadline_set to prevent resetting the deadline but does not set it to true after updating fund.deadline, allowing multiple updates.

pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
if fund.dealine_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
fund.deadline = deadline;
//@>q: why deadlineSet is never set?
Ok(())
}

Impact

The creator can repeatedly change the deadline, potentially extending it indefinitely or altering fund terms, which could erode user trust or violate intended mechanics

Tools Used

Manual Code Review

Recommendations

Set the deadline_set to true. By the way, it is used dealineset in the fund struct. We assume it is deadline__set and is corrected.

pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
if fund.deadline_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
fund.deadline = deadline;
+ fund.deadline_set = true;
Ok(())
}
Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Deadline set flag is not updated in `set_deadline` function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.