-
Description and context
I'm encountering an issue where attestation is failing for SOL-ETH tokens minted by Pumpfun using the Wormhole SDK. This seems to be due to recent changes in the SPL token met…
-
-
Currently, we have no restriction on how old a block referenced by a transaction needs to be (it could be a genesis block, for example). It may be beneficial to make this a bit more restrictive (and t…
-
### **Greetings, I want to use mango-v4 project and I get the openbook v2 dependencies error.
workspace Cargo.toml:**
```
[workspace]
members = [ "lib/*",
"programs/*"
]
resolver = "1"
…
-
# Issue
Deserializing an `PriceUpdateV2` account info using `AnchorDeserialize::try_from_slice(data)` fails.
Note: Using `PriceUpdateV2::try_deserialize(&mut data)` works.
# Cause
The `Pri…
-
Albort
Medium
# Potential for Unauthorized Rebate Adjustments in `AddSubRebate`
## Summary
## Vulnerability Detail
In the `AddSubRebate` instruction, any `authority` that is either the `rebat…
-
calc1f4r
Medium
# Arbitrary permission initialization of wooracle contract
## Summary
The Wooracle contract in the WOOFi program can be initialized by anyone by calling the , allowing for potentia…
-
Q7
Medium
# Missing signer check in `create_wooracle`
### Summary
According to the documentation, the `create_oracle` instruction (referred to as `create_wooracle` in the code) should only be ca…
-
Q7
Medium
# Missing signer check in `create_pool`
### Summary
According to the documentation, the `create_pool` instruction should only be callable by an admin. However, there is currently no chec…
-
zigtur
High
# Attacker will initialize WooOracle before the project
### Summary
The missing access control check in `create_wooracle` instruction allows an attacker to initialize the wooracle, t…