Rust Fund

AI First Flight #9
Beginner Friendly, Rust
Submission Details
Impact: high
Likelihood: high
Invalid

[H-01] User funds are locked forever because contribution.amount is never updated in contribute function

Root + Impact

Description

  • In the contribute function, although SOL has been transferred from the contributor to the fund, the per-user record of contributed SOL, contribution.amount, is not updated. As a result, refund always returns 0 for users.

    if contribution.contributor == Pubkey::default() {
        contribution.contributor = ctx.accounts.contributor.key();
        contribution.fund = fund.key();
        contribution.amount = 0;
    }

Risk

Likelihood:

  1. If you use the contribute() function, you cannot get any SOL refunded once the deadline is reached.

Impact:

  • All contributed SOL will be trapped in the fund. Users cannot get a refund. This is a high-risk flaw in the fund's business logic.

Proof of Concept

  1. Alice calls contribute with 10 SOL.

  2. fund.amount_raised increases by 10 SOL. The fund account receives 10 SOL in lamports.

  3. Alice's contribution.amount is 0.

  4. When the deadline is reached, Alice calls refund.

  5. The refund function reads contribution.amount (0) and refunds Alice 0 SOL.

  6. Alice loses 10 SOL.
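
The scenario above, as the submission describes it, written as an added example: a plain-Rust model, not the Rust Fund program's code or the submitter's. `Fund`, `Contribution`, the `record_amount` switch and the zeroing of the record in `refund` are assumptions made for illustration.

```rust
// Plain-Rust model (no Anchor/Solana crates). All names are hypothetical.
#[derive(Default)]
struct Fund { amount_raised: u64, lamports: u64 }

#[derive(Default)]
struct Contribution { amount: u64 }

const LAMPORTS_PER_SOL: u64 = 1_000_000_000;

/// contribute() as described in the report: lamports move and the fund total
/// grows, but the contributor's own record is only updated when
/// `record_amount` is true (the recommended mitigation).
fn contribute(fund: &mut Fund, c: &mut Contribution, amount: u64,
              record_amount: bool) -> Result<(), &'static str> {
    // Stands in for system_program::transfer(cpi_context, amount).
    fund.lamports = fund.lamports.checked_add(amount).ok_or("overflow")?;
    if record_amount {
        c.amount = c.amount.checked_add(amount).ok_or("overflow")?;
    }
    fund.amount_raised = fund.amount_raised.checked_add(amount).ok_or("overflow")?;
    Ok(())
}

/// refund() pays back whatever the contribution record says.
/// Assumption: the record is zeroed afterwards.
fn refund(fund: &mut Fund, c: &mut Contribution) -> Result<u64, &'static str> {
    let owed = c.amount;
    fund.lamports = fund.lamports.checked_sub(owed).ok_or("insufficient funds")?;
    c.amount = 0;
    Ok(owed)
}

/// Runs the Alice scenario with a single contributor. Returns
/// (lamports refunded, lamports left in the fund, records match amount_raised).
fn alice_scenario(record_amount: bool) -> (u64, u64, bool) {
    let (mut fund, mut alice) = (Fund::default(), Contribution::default());
    contribute(&mut fund, &mut alice, 10 * LAMPORTS_PER_SOL, record_amount).unwrap();
    // Invariant a test suite can assert: recorded contributions == amount_raised.
    let consistent = alice.amount == fund.amount_raised;
    let refunded = refund(&mut fund, &mut alice).unwrap();
    (refunded, fund.lamports, consistent)
}

fn main() {
    println!("record not updated: {:?}", alice_scenario(false));
    println!("record updated:     {:?}", alice_scenario(true));
}
```

The third tuple field is the check worth carrying into a real test suite: after every contribute call, the sum of per-user records should equal fund.amount_raised.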

Recommended Mitigation

system_program::transfer(cpi_context, amount)?;
+ add this code
contribution.amount = contribution.amount.checked_add(amount).ok_or(ErrorCode::CalculationOverflow)?;
fund.amount_raised += amount;
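
Review bot: `fund.amount_raised += amount;` on the last line remains an unchecked addition while the added line above it uses `checked_add` with `ErrorCode::CalculationOverflow`; apply the same checked form to `fund.amount_raised` so the per-user record and the fund total fail the same way on overflow. The "+ add this code" marker sits on its own line rather than prefixing the added statement, so the patch does not apply as written; prefix the `contribution.amount = ...` line with `+` instead.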
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 11 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
