RustFund
First Flight #36
Beginner FriendlyRust
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Incomplete State Update in the set_deadline function

0xkmr_

Summary

The set_Deadline function sets the fund's deadline timestamp but fails to update the deadline_set flag to true. This inconsistency in state leads to potential reuse of the function and incorrect state representation.

Vulnerability Details

The set_deadline function is designed to allow fund creators to set a deadline for contributions only once. However, while the function correctly sets the deadline timestamp value, it fails to update the deadline_set flag to true.

pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
if fund.dealine_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
fund.deadline = deadline;
// @audit --> Missing: fund.dealine_set = true;
Ok(())
}

The code performs a check to verify that a deadline hasn't already been set but doesn't update the flag after setting the deadline. This creates an inconsistency in the contract state where:

  1. The deadline value is set in the fund account.

  2. The deadline_set flag remains false, incorrectly indicating that no deadline has been set yet.

Impact

Medium

Tools Used

Manual Review

Recommendations

pub fn set_deadline(ctx: Context<FundSetDeadline>, deadline: u64) -> Result<()> {
let fund = &mut ctx.accounts.fund;
if fund.dealine_set {
return Err(ErrorCode::DeadlineAlreadySet.into());
}
fund.deadline = deadline;
fund.dealine_set = true; // Add this line to update the flag
Ok(())
}
Updates

Appeal created

bube Lead Judge 2 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Deadline set flag is not updated in `set_deadline` function

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.