RustFund

First Flight #36
Beginner Friendly, Rust
100 EXP
Submission Details
Severity: low
Invalid

No minimum check amount is implemented in the `contribute` function

Summary

There is no minimum amount check in the `contribute` function, allowing a user to pollute the database with useless contributions.

Vulnerability Details

There is no minimum amount check in the `contribute` function, allowing a user to pollute the database with useless contributions.

```rust
pub fn contribute(ctx: Context<FundContribute>, amount: u64) -> Result<()> {
    let fund = &mut ctx.accounts.fund;
    let contribution = &mut ctx.accounts.contribution;
    // Reject contributions made after the fund's deadline (0 means no deadline set)
    if fund.deadline != 0 && fund.deadline < Clock::get().unwrap().unix_timestamp.try_into().unwrap() {
        return Err(ErrorCode::DeadlineReached.into());
    }
    // Initialize or update contribution record
    if contribution.contributor == Pubkey::default() {
        contribution.contributor = ctx.accounts.contributor.key();
        contribution.fund = fund.key();
        contribution.amount = 0;
    }
    // ... (the rest of the function is not shown in this report)
}
```

Impact

A user can pollute the database with useless contributions, which could result in excessive gas usage. It could also lead to on-chain storage inefficiencies. The Solana blockchain is not that expensive, but it is important to mention it.

Tools Used

Manual Review

Recommendations

Add a check that returns an error if the amount is equal to 0, like this:

```rust
if amount == 0 {
    return Err(ErrorCode::InvalidContribution.into());
}
```
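The recommended guard placed in context, as an added example that is not RustFund's code: a plain-Rust model of the handler with the zero-amount check ahead of the record initialization. `Fund`, `Contribution`, the `now` parameter and `ErrorCode::Overflow` are stand-ins assumed for illustration; the real handler takes Anchor accounts and reads the `Clock` sysvar.

```rust
// Plain-Rust stand-ins for the Anchor accounts (assumptions, not RustFund's types).
#[derive(Debug, PartialEq)]
pub enum ErrorCode { DeadlineReached, InvalidContribution, Overflow }

pub struct Fund { pub deadline: u64 }

#[derive(Default)]
pub struct Contribution { pub contributor: [u8; 32], pub amount: u64 }

pub fn contribute(
    fund: &Fund,
    contribution: &mut Contribution,
    contributor: [u8; 32],
    amount: u64,
    now: u64, // stands in for Clock::get()?.unix_timestamp
) -> Result<(), ErrorCode> {
    // Recommended guard: reject a zero amount before any record is touched.
    if amount == 0 {
        return Err(ErrorCode::InvalidContribution);
    }
    if fund.deadline != 0 && fund.deadline < now {
        return Err(ErrorCode::DeadlineReached);
    }
    // Compute the new total first so a failure leaves the record unchanged.
    let new_amount = contribution
        .amount
        .checked_add(amount)
        .ok_or(ErrorCode::Overflow)?;
    // Initialize the contribution record on first use (all-zero key = unset).
    if contribution.contributor == [0u8; 32] {
        contribution.contributor = contributor;
    }
    contribution.amount = new_amount;
    Ok(())
}

fn main() {
    // Constructed sample inputs: deadline at t=100, contributor key of 0x07 bytes.
    let fund = Fund { deadline: 100 };
    let mut record = Contribution::default();
    let alice = [7u8; 32];
    println!("{:?}", contribute(&fund, &mut record, alice, 0, 50));
    println!("{:?}", contribute(&fund, &mut record, alice, 5, 50));
    println!("{:?}", contribute(&fund, &mut record, alice, 5, 101));
}
```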
Updates

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] Lack of minimal `amount` in `contribute` function

If a user contributes 0 SOL, the `contribution.amount` will be updated with a 0 value. There is no impact on the protocol. Also, new contributors should pay for account creation, therefore there is no incentive for someone to create a very large number of accounts to contribute a zero amount.
