RustFund

First Flight #36
Beginner Friendly, Rust
100 EXP
Submission Details
Severity: low
Valid

Missing Goal Validation in fund_create

Summary

The fund_create function does not validate the goal parameter, allowing campaigns to be created with a zero goal. This creates illogical campaign states and potential abuse scenarios.

Vulnerability Details

The goal parameter (a u64) is assigned to campaign.goal without any checks (e.g., goal > 0). While u64 cannot be negative, a value of zero is meaningless for a crowdfunding campaign and could bypass intended logic, such as withdrawal conditions tied to reaching the goal.

Impact

A campaign with a goal of zero could be exploited by the owner to instantly "meet" the goal and withdraw funds without genuine contributions, confusing contributors or breaking the platform’s trust model.

Tools Used

M L

Recommendations

Add a validation check to the fund_create function so that initialization fails if the goal is zero:

require!(fund.goal > 0, ErrorCode::ZeroGoal);
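A simplified, stand-alone model of the zero-goal state and the recommended check, added here as an illustration; it is not the RustFund program's code. It uses plain Rust instead of Anchor, and the `Fund` fields, `contribute`, `withdraw` and the `GoalNotReached` error are assumptions made for the example.

```rust
// Stand-alone model (assumption): plain Rust, no Anchor or Solana account types.
#[derive(Debug, PartialEq)]
enum ErrorCode {
    ZeroGoal,
    GoalNotReached,
}

#[derive(Debug)]
struct Fund {
    goal: u64,
    amount_raised: u64,
}

// Behaviour the finding describes: the goal is stored without any check.
fn fund_create_unchecked(goal: u64) -> Result<Fund, ErrorCode> {
    Ok(Fund { goal, amount_raised: 0 })
}

// Recommended behaviour: reject a zero goal before any state is written.
fn fund_create_checked(goal: u64) -> Result<Fund, ErrorCode> {
    if goal == 0 {
        return Err(ErrorCode::ZeroGoal);
    }
    Ok(Fund { goal, amount_raised: 0 })
}

// Hypothetical contribution step; saturating add avoids overflow in the model.
fn contribute(fund: &mut Fund, amount: u64) {
    fund.amount_raised = fund.amount_raised.saturating_add(amount);
}

// Hypothetical withdrawal gate tied to reaching the goal.
fn withdraw(fund: &mut Fund) -> Result<u64, ErrorCode> {
    if fund.amount_raised < fund.goal {
        return Err(ErrorCode::GoalNotReached);
    }
    Ok(std::mem::take(&mut fund.amount_raised))
}

fn main() {
    // Constructed scenario: zero goal, then a single contribution.
    let mut open = fund_create_unchecked(0).unwrap();
    contribute(&mut open, 500);
    println!("unchecked, goal 0: withdraw -> {:?}", withdraw(&mut open));
    println!("checked, goal 0: create -> {:?}", fund_create_checked(0));
}
```

In the unchecked path the gate `amount_raised < goal` is never true when the goal is zero, so the goal condition is satisfied before any contribution arrives.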

Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

No minimal amount for the `goal` in `fund_create` is greater than 0

If the `goal` is 0, the campaign goal is achieved immediately and the creator can withdraw the contributors' funds. The contributors select themselves which campaign to support, therefore I think Low severity is appropriate here.
