sherlock-audit / 2024-08-woofi-solana-deployment-judging

zigtur - An admin authority initializing RebateInfo will make claim_rebate_fee unusable #13

Open sherlock-admin3 opened 1 month ago

sherlock-admin3 commented 1 month ago

zigtur

High

An admin authority initializing RebateInfo will make claim_rebate_fee unusable

Summary

A ClaimRebateFee constraint enforces that rebate_info.authority == rebate_manager.authority. This will always be false when an admin authority initialized the rebate_info, which leaves the rebate_info.rebate_authority unable to claim their rebate fee.

Root Cause

In claim_rebate_fee.rs:26, there is an incorrect constraint.

Internal pre-conditions

  1. An admin authority needs to initialize the rebate_info through the create_rebate_info instruction. It is made possible through the constraint at create_rebate_info.rs#L17.

External pre-conditions

None.

Attack Path

No response

Impact

PoC

No response

Mitigation

This constraint should be deleted. Fixing it to check if the rebate_info.authority is an admin authority will lead to the same issue being triggered when admin authorities are updated.
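
A simplified model of the constraint discussed in the report above, added here as an illustration; it is not code from the WOOFi repository or from the report. It is plain Rust without Anchor, and the struct layout, the admin_authority list, the ClaimCheck enum and the assumption that the claimer signs as rebate_authority are hypothetical.

```rust
// Simplified model (assumption): plain Rust, no Anchor; names and layout are hypothetical.
type Pubkey = u8; // constructed stand-in for a 32-byte public key

struct RebateManager { authority: Pubkey, admin_authority: Vec<Pubkey> }
struct RebateInfo { authority: Pubkey, rebate_authority: Pubkey }

enum ClaimCheck { EqualsManagerAuthority, IsCurrentAdmin, NoAuthorityCheck }

// The creator may be the manager authority or an admin authority,
// and is recorded as rebate_info.authority.
fn create_rebate_info(m: &RebateManager, signer: Pubkey, rebate_authority: Pubkey)
    -> Result<RebateInfo, &'static str> {
    if signer != m.authority && !m.admin_authority.contains(&signer) {
        return Err("unauthorized creator");
    }
    Ok(RebateInfo { authority: signer, rebate_authority })
}

fn claim_rebate_fee(m: &RebateManager, info: &RebateInfo, signer: Pubkey, check: ClaimCheck)
    -> Result<(), &'static str> {
    if signer != info.rebate_authority { return Err("not rebate authority"); }
    let ok = match check {
        // The constraint the report describes.
        ClaimCheck::EqualsManagerAuthority => info.authority == m.authority,
        // The alternative the report warns against: depends on the current admin set.
        ClaimCheck::IsCurrentAdmin =>
            info.authority == m.authority || m.admin_authority.contains(&info.authority),
        // The mitigation the report proposes: no check on rebate_info.authority.
        ClaimCheck::NoAuthorityCheck => true,
    };
    if ok { Ok(()) } else { Err("constraint violated") }
}

// Claim outcome for (reported constraint, admin check after an admin update, no check).
fn scenario() -> (bool, bool, bool) {
    let (owner, admin, trader): (Pubkey, Pubkey, Pubkey) = (1, 2, 9);
    let mut m = RebateManager { authority: owner, admin_authority: vec![admin] };
    let info = create_rebate_info(&m, admin, trader).unwrap(); // admin-initialized
    let reported = claim_rebate_fee(&m, &info, trader, ClaimCheck::EqualsManagerAuthority).is_ok();
    m.admin_authority = vec![3]; // admin authorities updated
    let admin_check = claim_rebate_fee(&m, &info, trader, ClaimCheck::IsCurrentAdmin).is_ok();
    let removed = claim_rebate_fee(&m, &info, trader, ClaimCheck::NoAuthorityCheck).is_ok();
    (reported, admin_check, removed)
}

fn main() {
    println!("{:?}", scenario());
}
```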

toprince commented 1 month ago

Need further investigation.

sherlock-admin2 commented 1 month ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/woonetwork/WOOFi_Solana/pull/28

gjaldon commented 3 weeks ago

Issue is fixed. This change fixes the issue by also allowing admin authorities to claim rebate fees.