Constraints are not defined in set_only_owner_config.rs
Summary
Constraints are not set in set_only_owner_config.rs so anyone can set wooracle admin authority and guardian handler.
Vulnerability Detail
The contracts declares the expected authority, but doesn't put constraints on who can make the calls. As a result, the functions set_wooracle_admin_handler and set_guardian_handler can be called by anyone.
Tame Macaroon Tapir
Medium
Constraints are not defined in set_only_owner_config.rs
Summary
Constraints are not set in set_only_owner_config.rs so anyone can set wooracle admin authority and guardian handler.
Vulnerability Detail
The contracts declares the expected authority, but doesn't put constraints on who can make the calls. As a result, the functions
set_wooracle_admin_handler
andset_guardian_handler
can be called by anyone.Impact
Anyone can set wooracle admin authority and guardian handler potentially risking the protcol's safety.
Code Snippet
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/1c4c9c622e8c44ae2f8cd4219c7c2a0181f25ca0/WOOFi_Solana/programs/woofi/src/instructions/admin/set_only_owner_config.rs#L15-L22
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/1c4c9c622e8c44ae2f8cd4219c7c2a0181f25ca0/WOOFi_Solana/programs/woofi/src/instructions/admin/set_only_owner_config.rs#L24-L31
Tool used
Manual Review
Recommendation
Add the needed constraints to tighten access control.