-
Strong Magenta Loris
High
# Missing Access Control in set_admin_authority Method
## Summary
The [set_admin_authority](https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WO…
-
**Github username:** --
**Twitter username:** --
**Submission hash (on-chain):** 0x87fb9b664d6e11ea8bc56c5e17a9335f45d2fc5b6b3f8a9faeb3459010d17e29
**Severity:** high
**Description:**
**Description*…
-
Trendy Brick Stallion
Medium
# authority is not validated in `create_rebate_manager.rs`
### Summary
The authority account is not validated as a result there will be no access control on the progra…
-
From @tfmorris' comment on #7652
> Add $0 & $1 for 700, 710, 711
See:
https://www.loc.gov/marc/bibliographic/bd700.html
* $0 - Authority record control number or standard number (R)
* $1 …
hornc updated
1 month ago
-
Strong Magenta Loris
High
# Missing Initialization Check in initialize Method
## Summary
The [initialize](https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/p…
-
Cuddly Gauze Mustang
High
# Attacker will create pool and oracle for token that are planned to be supported in the future
### Summary
Any user can initialize the oracle attached to a token (report…
-
Creamy Carrot Yeti
Medium
# UnPause struct has no check for the pause_authority
## Summary
Constraints in the `UnPause` struct do not check for the `pause_authority` making tx revert.
## Vuln…
-
Creamy Carrot Yeti
High
# create_rebate_manager has no access control
## Summary
There is currently no check that only trusted authority is able to create a new `rebate_manager`.
## Vulnerabi…
-
Zesty Sage Tapir
Medium
# Potential for Unauthorized Rebate Adjustments in `AddSubRebate`
## Summary
## Vulnerability Detail
In the `AddSubRebate` instruction, any `authority` that is either …
-
Cuddly Gauze Mustang
High
# Attacker will initialize WooOracle before the project
### Summary
The missing access control check in `create_wooracle` instruction allows an attacker to initialize t…