RustFund

First Flight #36
Submission Details
Severity: high
Invalid

Integer Overflow in contribute()

Summary

Integer Overflow in contribute function

Vulnerability Details

The code snippet shows that the amount is added to fund.amount_raised directly without checking for overflow. In Rust, when using non-checked arithmetic operations like +=, if the sum exceeds the maximum value of the integer type, it will silently wrap around in release mode, causing incorrect fund tracking.

```rust
system_program::transfer(cpi_context, amount)?;
fund.amount_raised += amount;
Ok(())
```

Impact

If a large enough amount is sent, it would potentially overflow `fund.amount_raised`.

Tools Used

Manual Review

Recommendations

Use checked arithmetic to prevent overflow. Replace the vulnerable line with:

```rust
fund.amount_raised = fund.amount_raised.checked_add(amount).ok_or(ErrorCode::Overflow)?;
```

Updates

Appeal created

bube Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Arithmetic overflow in `contribute` function

The max value of u64 is 18,446,744,073,709,551,615, or around 18.4 billion SOL. Given that the total supply of SOL on Solana is 512.50M, the scenario when the `contribute` function will revert due to overflow is very, very unlikely to happen. Therefore, this is an informational finding.
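
An added example (plain Rust, not code from the RustFund program or from this submission) that models the `amount_raised` update with wrapping and with checked addition, and computes the u64 lamport ceiling referred to in the judgement. `wrapping_add` stands in for `+=` in a build with overflow checks disabled; with overflow checks enabled, `+=` panics instead of wrapping. The `Fund` struct, the function names and the near-limit starting balance are constructed for illustration, and 1 SOL is taken as 1,000,000,000 lamports.

```rust
// Added illustration: plain-Rust model of the accounting line, not the RustFund program.
const LAMPORTS_PER_SOL: u64 = 1_000_000_000;

#[derive(Debug, PartialEq)]
enum ErrorCode {
    Overflow, // variant name as used in the recommendation (assumed to be defined)
}

struct Fund {
    amount_raised: u64, // lamports
}

impl Fund {
    // `amount_raised += amount` with overflow checks off: wraps modulo 2^64, no error.
    fn contribute_wrapping(&mut self, amount: u64) {
        self.amount_raised = self.amount_raised.wrapping_add(amount);
    }

    // Recommended form: on overflow, return an error and leave the counter unchanged.
    fn contribute_checked(&mut self, amount: u64) -> Result<(), ErrorCode> {
        self.amount_raised = self
            .amount_raised
            .checked_add(amount)
            .ok_or(ErrorCode::Overflow)?;
        Ok(())
    }
}

// Largest whole-SOL total that a u64 lamport counter can hold.
fn max_whole_sol() -> u64 {
    u64::MAX / LAMPORTS_PER_SOL
}

// True if `sol` whole SOL, expressed in lamports, does not fit in a u64.
fn sol_exceeds_u64(sol: u64) -> bool {
    sol.checked_mul(LAMPORTS_PER_SOL).is_none()
}

fn main() {
    let mut wrapped = Fund { amount_raised: u64::MAX - 5 }; // constructed near-limit state
    wrapped.contribute_wrapping(10);
    println!("wrapping add: amount_raised = {}", wrapped.amount_raised);

    let mut checked = Fund { amount_raised: u64::MAX - 5 };
    println!("checked add: {:?}", checked.contribute_checked(10));
    println!("u64 holds up to {} whole SOL", max_whole_sol());
    println!("512.5M SOL exceeds u64: {}", sol_exceeds_u64(512_500_000));
}
```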
