RustFund

First Flight #36
Submission Details
Severity: low
Invalid

Contribution not checked to be non-zero

Summary

`contribute()` does not check whether `amount` is non-zero.

Vulnerability Details

When a contribution is made by a contributor, there is no zero-check and the contribution may have the value 0.

Impact

Wasted space by the FundContribute struct.

Tools Used

Recommendations

Add the following code:

```rust
if amount == 0 {
    return Err(ErrorCode::ZeroAmount.into());
}

pub enum ErrorCode {
    #[msg("Deadline already set")]
    DeadlineAlreadySet,
    #[msg("Deadline reached")]
    DeadlineReached,
    #[msg("Deadline not reached")]
    DeadlineNotReached,
    #[msg("Unauthorized access")]
    UnauthorizedAccess,
    #[msg("Calculation overflow occurred")]
    CalculationOverflow,
    // Add the new error code here
    #[msg("Zero value provided")]
    ZeroAmount,
}
```
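The following is an added example, not code from the submission or from the RustFund program: a plain-Rust model (no Anchor, no SOL transfer) that contrasts the reported behaviour with the recommended zero check. The `Fund` struct, its fields, the `contribute_unchecked`/`apply` helpers and the `now >= deadline` rule are assumptions made for illustration; only the error variant names come from the report.

```rust
use std::collections::HashMap;

// Variant names are from the report's enum; everything else is a constructed model.
#[derive(Debug, PartialEq)]
pub enum ErrorCode { DeadlineReached, CalculationOverflow, ZeroAmount }

// Hypothetical in-memory stand-in for the on-chain accounts.
#[derive(Default)]
pub struct Fund {
    pub deadline: u64,                       // unix time, 0 = not set (assumed)
    pub amount_raised: u64,                  // lamports
    pub contributions: HashMap<String, u64>, // one record per contributor
}

impl Fund {
    // Reported behaviour: no zero check, so a 0 contribution still stores a record.
    pub fn contribute_unchecked(&mut self, who: &str, amount: u64, now: u64) -> Result<(), ErrorCode> {
        self.apply(who, amount, now)
    }

    // Recommended behaviour: reject 0 before any state is touched.
    pub fn contribute(&mut self, who: &str, amount: u64, now: u64) -> Result<(), ErrorCode> {
        if amount == 0 {
            return Err(ErrorCode::ZeroAmount);
        }
        self.apply(who, amount, now)
    }

    fn apply(&mut self, who: &str, amount: u64, now: u64) -> Result<(), ErrorCode> {
        if self.deadline != 0 && now >= self.deadline {
            return Err(ErrorCode::DeadlineReached);
        }
        // Compute both sums first so a failure leaves the state unchanged.
        let total = self.amount_raised.checked_add(amount).ok_or(ErrorCode::CalculationOverflow)?;
        let prev = self.contributions.get(who).copied().unwrap_or(0);
        let mine = prev.checked_add(amount).ok_or(ErrorCode::CalculationOverflow)?;
        self.amount_raised = total;
        self.contributions.insert(who.to_string(), mine);
        Ok(())
    }
}

fn main() {
    let mut fund = Fund { deadline: 1_000, ..Default::default() };
    println!("{:?}", fund.contribute_unchecked("alice", 0, 10)); // Ok(()), empty record stored
    println!("{:?}", fund.contribute("bob", 0, 10));             // Err(ZeroAmount)
    println!("records: {}, raised: {}", fund.contributions.len(), fund.amount_raised);
}
```

In the unchecked path the only effect of a zero contribution is an extra record holding 0; the raised total is unchanged.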
Updates

Appeal created

bube Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Lack of minimal `amount` in `contribute` function

If a user contributes 0 SOL, the `contribution.amount` will be updated with 0 value. There is no impact on the protocol. Also, the new contributors should pay for account creation, therefore there is no incentive for someone to create a very huge number of accounts to contribute zero amount.
