RustFund

First Flight #36

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Deadline Contribution Limitation

0xblackadam

Summary

A vulnerability was identified in the contribute function of the RustFund crowdfunding smart contract. The current implementation prevents contributions exactly at the fund's deadline, potentially blocking legitimate last-minute contributions. This issue impacts user experience and may result in missed funding opportunities.

Vulnerability Details

if fund.deadline != 0 && fund.deadline < Clock::get().unwrap().unix_timestamp.try_into().unwrap() {

return Err(ErrorCode::DeadlineReached.into());

}

Technical Description

The vulnerability stems from using a strict < (less than) comparison for deadline checking. This means any contribution exactly matching the fund's deadline timestamp will be automatically rejected. The current implementation does not allow contributions at the precise moment the deadline is reached.

Root Cause

Incorrect timestamp comparison logic that uses < instead of <=, creating an unintended restriction on contributions.

Impact

User Experience Degradation: Users cannot contribute during the final moment of a funding campaign.
Potential Fund Loss: Last-minute contributions are systematically blocked.
Reduced Platform Reliability: Contributors may perceive the platform as unreliable or poorly designed.

The financial impact could be significant, especially for campaigns relying on last-minute contributions to reach their funding goals.

Recommendations

Code Fix: Modify the deadline comparison operator from < to <=

if fund.deadline != 0 && fund.deadline <= Clock::get().unwrap().unix_timestamp.try_into().unwrap() {

return Err(ErrorCode::DeadlineReached.into());

}

Tools Used

Manual Code Review
Rust Static Analysis
Anchor Framework Analysis

Updates

Lead Judging Commences

bube Lead Judge

3 months ago

Appeal created

bube Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

170

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.