RustFund

First Flight #36
Beginner Friendly, Rust
100 EXP
Submission Details
Severity: low
Invalid

Lack of contribution amount validation

Summary

No validation exists for the contribution amount, potentially allowing problematic contribution scenarios.

Vulnerability Details

  • No checks for minimum or maximum contribution amounts

  • No mechanism to prevent contributions exceeding the fund's goal

Impact

  • Inability to keep the fund-specific contribution logic.

Tools Used

  • Manual Code Review

Recommendations

```rust
// Validate that contribution does not exceed remaining goal
let remaining_goal = fund.goal.checked_sub(fund.amount_raised)
    .ok_or(ErrorCode::CalculationOverflow)?;
if amount > remaining_goal {
    return Err(ErrorCode::ContributionExceedsRemainingGoal.into());
}
// Check if fund goal would be exceeded after this contribution
let potential_total = fund.amount_raised.checked_add(amount)
    .ok_or(ErrorCode::CalculationOverflow)?;
if potential_total > fund.goal {
    return Err(ErrorCode::FundGoalExceeded.into());
}
```
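
The checks recommended above, consolidated into one function that runs off-chain. This is an added example, not code from the submission or from the RustFund program: only the field names `goal` and `amount_raised` come from the page, while the `Fund` struct, the `ContributionError` enum and the `min_amount` parameter are hypothetical stand-ins.

```rust
// Stand-alone sketch: `Fund`, `ContributionError` and `min_amount` are
// hypothetical stand-ins, not types from the RustFund program.
#[derive(Debug, PartialEq)]
pub enum ContributionError {
    BelowMinimum,
    ExceedsRemainingGoal,
    InconsistentState, // stored amount_raised is already above goal
    Overflow,
}

pub struct Fund {
    pub goal: u64,
    pub amount_raised: u64,
}

/// Returns the new `amount_raised` if the contribution is acceptable.
pub fn validate_contribution(
    fund: &Fund,
    amount: u64,
    min_amount: u64,
) -> Result<u64, ContributionError> {
    // Reject zero and dust contributions.
    if amount == 0 || amount < min_amount {
        return Err(ContributionError::BelowMinimum);
    }
    // checked_sub fails only if the stored state is already past the goal.
    let remaining = fund
        .goal
        .checked_sub(fund.amount_raised)
        .ok_or(ContributionError::InconsistentState)?;
    // amount <= remaining implies amount_raised + amount <= goal, so a
    // separate comparison of the potential total against the goal is redundant.
    if amount > remaining {
        return Err(ContributionError::ExceedsRemainingGoal);
    }
    fund.amount_raised
        .checked_add(amount)
        .ok_or(ContributionError::Overflow)
}

fn main() {
    // Constructed sample values: 100 units left before the goal is reached.
    let fund = Fund { goal: 1_000, amount_raised: 900 };
    for amount in [0u64, 50, 100, 101] {
        println!("{amount:>4} -> {:?}", validate_contribution(&fund, amount, 1));
    }
}
```
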
Updates

Appeal created

bube Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Lack of minimal `amount` in `contribute` function

If a user contributes 0 SOL, the `contribution.amount` will be updated with 0 value. There is no impact on the protocol. Also, the new contributors should pay for account creation, therefore there is no incentive for someone to create a very huge number of accounts to contribute zero amount.
