Summary

The withdraw function does not ensure the fund account retains its rent-exempt minimum balance after transferring amount_raised lamports, risking account reclamation by the Solana runtime.

Vulnerability Details

• Issue: The function transfers fund.amount_raised without checking if the remaining lamports fund.lamports - amount meet the rent-exempt minimum Rent::get()?.minimum_balance(Fund::INIT_SPACE).

• Condition: If amount_raised exceeds fund.lamports - rent_minimum, the account balance drops below the required threshold.

• Trigger: Occurs when the creator withdraws funds, especially if contributions exceed the initial balance minus rent.

Impact

• Account Loss: The fund account could be reclaimed, breaking future operations (e.g., refunds, audits).

• State Inconsistency: Loss of the account disrupts tracking of the fund’s state.

• User Impact: Creator may lose access to remaining funds; contributors may lose refund ability.

Tools Used

Manual review

Recommendations

Add a rent-exempt check before the transfer
Alternative: Close the account after withdrawal if persistence isn’t needed, transferring all lamports and deallocating with system_program::close