Submission Details
Impact:
Likelihood:
Potential Account Closure due to Rent Underflow (Rent Exemption)
Root + Impact
Description
Withdraw and refund directly change lamports to exchange. If reamining of fund account is lower than Rent-exempt, account will be deleted by runtime.
let amount = ctx.accounts.fund.amount_raised;
**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.fund.to_account_info().lamports()
.checked_sub(amount) // <--- If reammaining is lower than Rent-exempt
.ok_or(ProgramError::InsufficientFunds)?;
Risk
Likelihood:
Impact:
-
Data loss: all project's information will be deleted on blockchain
-
Logical error: all functions access to fund account will be meet the Error "Account does not exist", cause Denial-of-Services
Proof of Concept
let amount = ctx.accounts.fund.amount_raised;
**ctx.accounts.fund.to_account_info().try_borrow_mut_lamports()? =
ctx.accounts.fund.to_account_info().lamports()
.checked_sub(amount)
.ok_or(ProgramError::InsufficientFunds)?;
Recommended Mitigation
pub fn withdraw(ctx: Context<FundWithdraw>) -> Result<()> {
let fund_info = ctx.accounts.fund.to_account_info();
let rent_amount = Rent::get()?.minimum_balance(fund_info.data_len());
let current_balance = fund_info.lamports();
+ add this code
let withdrawable_amount = current_balance.checked_sub(rent_amount).unwrap_or(0);
let amount_to_withdraw = std::cmp::min(ctx.accounts.fund.amount_raised, withdrawable_amount);
**fund_info.try_borrow_mut_lamports()? -= amount_to_withdraw;
**ctx.accounts.creator.to_account_info().try_borrow_mut_lamports()? += amount_to_withdraw;
Ok(())
}
Rewards breakdown
This contest has a flat reward structure with the following payouts:
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.