Rust Fund
AI First Flight #9
Beginner Friendly
Rust
Jun 10th, 2026 → Jun 11th, 2026
Submissions (8 / 8)

#1
Missing goal and deadline validation in withdraw lets the campaign creator drain all contributed SOL from a campaign that never succeeded
Severity: High
Validity: Valid
Tags: [H-02] H-01. Creators Can W...
Author: jengreg

#2
contribute never records contribution.amount, so refund always transfers 0 and contributors can never recover their deposits from a failed campaign
Severity: High
Validity: Valid
Tags: [H-03] Permanent Loss of Co...
Author: jengreg

#3
set_deadline never sets dealine_set = true, leaving the deadline permanently mutable so the creator can repeatedly postpone it and block contributor refunds
Severity: Medium
Validity: Valid
Tags: [M-02] The set_deadline fun...
Author: jengreg

#4
refund does not verify the campaign failed: it omits the goal-not-met check and its deadline guard is skipped entirely when deadline == 0, allowing refunds outside the intended window
Severity: High
Validity: Valid
Tags: [H-04] Inadequate Refund Co...
Author: jengreg

#5
amount_raised is never decremented on refund nor reset on withdraw, so the recorded raised total permanently desynchronizes from the fund's real lamport balance
Severity: Medium
Validity: Valid
Tags: [M-01] Withdrawal doesn't r...
Author: jengreg

#6
Manual lamport debits in refund and withdraw have no rent-exemption floor, so the fund data account can be drained below rent and purged by the runtime
Severity: Low
Validity: Invalid
Author: jengreg

#7
fund.amount_raised += amount uses unchecked addition, inconsistent with the checked arithmetic used everywhere else in the program
Severity: Low
Validity: Invalid
Author: jengreg

#8
name is used as a PDA seed but is allowed up to 200 bytes (#[max_len(200)]), exceeding Solana's 32 byte seed limit, so any campaign name longer than 32 bytes cannot create a fund
Severity: Low
Validity: Invalid
Author: jengreg