Integer Overflow in Contribution Logic
Summary
An integer overflow vulnerability exists in the contribute function, where the total_contributed value is incremented without overflow checks. This could allow an attacker to manipulate the campaign's total contribution amount, potentially leading to incorrect withdrawals.
Vulnerability Details
In the file program/src/instructions/contribute.rs, the line campaign.total_contributed += amount adds the contributed amount (a u64) to total_contributed (also a u64) without checking for arithmetic overflow. If total_contributed + amount exceeds u64::MAX (18,446,744,073,709,551,615), the value wraps around, resulting in an incorrect, smaller total
Impact
An attacker could contribute a large amount to trigger an overflow, causing total_contributed to become a small or zero value. This could allow the campaign owner to withdraw less than expected or enable further exploitation of the campaign state, undermining the integrity of the crowdfunding system
Tools Used
Manual review
Recommendations
Use safe arithmetic with checked_add:
rust
Appeal created
[Invalid] Arithmetic overflow in `contribute` function
The max value of u64 is: 18,446,744,073,709,551,615 or around 18.4 billion SOL, given that the total supply of SOL on Solana is 512.50M, the scenario when the `contribute` function will revert due to overflow is very very unlikely to happen. Therefore, this is informational finding.
[Invalid] Arithmetic overflow in `contribute` function
The max value of u64 is: 18,446,744,073,709,551,615 or around 18.4 billion SOL, given that the total supply of SOL on Solana is 512.50M, the scenario when the `contribute` function will revert due to overflow is very very unlikely to happen. Therefore, this is informational finding.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.