Manual Lamport Manipulation Instead of Safe Transfers
Root + Impact
Description
-
Describe the normal behavior in one or more sentences
The `refund` and `withdraw` functions use direct lamport manipulation via `try_borrow_mut_lamports()` instead of using Anchor's safe transfer mechanisms or the system program's transfer instruction. While this approach works, it's more error-prone and doesn't follow Anchor best practices. -
Explain the specific issue or problem in one or more sentences
The normal behavior should use Anchor's built-in transfer mechanisms or CPI to the system program for safer, more auditable fund transfers. The current implementation manually manipulates lamports, which is more complex and harder to verify.
Risk
Likelihood:
-
* Issues occur when rent exemption calculations are incorrect
* Problems arise if account balances are near rent exemption threshold
* Risk increases with complex account state management
Impact:
-
* Potential for rent exemption violations
* Harder to audit and verify correctness
* More prone to off-by-one errors
* Doesn't follow Anchor best practices
Proof of Concept
Recommended Mitigation
Lead Judging Commences
[L-03] Unsafe Direct Lamport Manipulation in refund(), withdraw() Functions
## Description The `refund` function in the provided code directly manipulates the lamports of accounts using `try_borrow_mut_lamports()`. This approach bypasses the Solana runtime's safety checks, leading to potential security vulnerabilities and program instability. ## Vulnerability Details In the `refund` function, lamports are transferred between accounts by directly adjusting their balances:   ```Rust **ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? = ctx.accounts.fund.to_account_info().lamports().checked_sub(amount).ok_or(ProgramError::InsufficientFunds)?; **ctx.accounts.contributor.to_account_info().try_borrow_mut_lamports()? = ctx.accounts.contributor.to_account_info().lamports().checked_add(amount).ok_or(ErrorCode::CalculationOverflow)?; ``` This method of direct lamport manipulation can lead to several issues: 1. **Bypassing Rent Exemption Checks:** Accounts in Solana must maintain a minimum balance to be rent-exempt. Directly reducing an account's lamports without verifying rent exemption can result in the account being marked for deletion by the Solana runtime. 2. **Ownership Constraints:** Only the owning program of an account can modify its data and lamport balance. Direct manipulation without proper checks can violate these constraints, leading to program errors. 3. **Lack of Atomicity:** Direct lamport transfers lack the atomic transaction guarantees provided by the system program's transfer instruction, potentially leading to inconsistent states in case of program interruptions. ## Impact Exploiting this vulnerability can result in unauthorized fund transfers, violation of Solana's account ownership rules, and potential loss of funds due to accounts becoming non-rent-exempt. ## Recommendations Replace the direct lamport manipulation with Solana's system program transfer instruction to ensure safe and compliant fund transfers in refund() & withdraw() functions:   ```Rust let cpi_context = CpiContext::new( ctx.accounts.system_program.to_account_info(), system_program::Transfer { from: ctx.accounts.fund.to_account_info(), to: ctx.accounts.contributor.to_account_info(), }, ); system_program::transfer(cpi_context, amount)?; ``` This approach leverages Solana's native mechanisms for transferring lamports, ensuring adherence to the platform's safety and security protocols.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.