RustFund
First Flight #36
Beginner FriendlyRust
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

The funds can be withdrawn with or without hitting the goal amount or if deadline has been crossed

vgcodes

Summary

Sol can be withdrawn no matter if the goal amount has met of not

Vulnerability Details

withdraw function is used by the owner to withdraw the funds, contributed by the contributors(When they call contribute function), this function transfers the Sol from the contract to the owner, logically this function should only be accessible when the goal has been met or it should only be allowed when the deadline has been passed, but it actually does not check that we can see that in the following code

pub fn withdraw(ctx: Context<FundWithdraw>) -> Result<()> {
let amount = ctx.accounts.fund.amount_raised;
// No check if the goal amount has been met or not
**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.fund.to_account_info().lamports()
.checked_sub(amount)
.ok_or(ProgramError::InsufficientFunds)?;
// No check if the deadline has been met or not
**ctx.accounts.creator.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.creator.to_account_info().lamports()
.checked_add(amount)
.ok_or(ErrorCode::CalculationOverflow)?;
Ok(())
}

Impact

Allows unintentional withdraw to the owner

Tools Used

Manual Analysis/Auditing

Recommendations

Adding a check from the edge case if the goal has been met or not and if the goal has not been met then checking if the deadline has passed

Updates

Appeal created

bube Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No deadline check in `withdraw` function

No goal achievement check in `withdraw` function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.