Submission Details
Severity:
contribution.amount is not updated in contribute()
Summary
contribution.amount is not updated in contribute
Vulnerability Details
In the contribute function, the code only initializes the contribution but fails to update the contribution amount after the transfer happens.
After transferring SOL to the fund, ctx.accounts.contribution.amount should be increased by amount, but that step is missing.
pub fn contribute(ctx: Context<FundContribute>, amount: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
let contribution = &mut ctx.accounts.contribution;
if fund.deadline != 0 && fund.deadline < Clock::get().unwrap().unix_timestamp.try_into().unwrap() {
return Err(ErrorCode::DeadlineReached.into());
}
// Initialize or update contribution record
if contribution.contributor == Pubkey::default() {
contribution.contributor = ctx.accounts.contributor.key();
contribution.fund = fund.key();
contribution.amount = 0;
}
// Transfer SOL from contributor to fund account
let cpi_context = CpiContext::new(
ctx.accounts.system_program.to_account_info(),
system_program::Transfer {
from: ctx.accounts.contributor.to_account_info(),
to: fund.to_account_info(),
},
);
system_program::transfer(cpi_context, amount)?;
fund.amount_raised += amount;
Ok(())
Impact
the contributor's SOL will be lost forever.
Tools Used
Manual review.
Recommendations
ctx.accounts.contribution.amount should be increased by amount
Updates
Appeal created
bube 5 months ago
Submission Judgement Published Assigned finding tags:
Contribution amount is not updated
Rewards breakdown
nSLOC
170This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.