Open sherlock-admin2 opened 15 hours ago
Cuddly Gauze Mustang
Medium
A lack of access control will lead any user to front-run create_config initialization.
create_config
create_config.rs#L11-L19
create_config.rs#L24
No response
The protocol can't initialize the WooConfig structure.
Implement an access control mechanism on this instruction.
Same with https://github.com/sherlock-audit/2024-08-woofi-solana-deployment-judging/issues/14
toprince
commented
4 hours ago toprince
commented
4 hours ago
Cuddly Gauze Mustang
Medium
Any user will initialize WooFi program before the protocol
Summary
A lack of access control will lead any user to front-run
create_configinitialization.Root Cause
create_config.rs#L11-L19, the WooConfig can be initialized only once.create_config.rs#L24, there is no access control.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
The protocol can't initialize the WooConfig structure.
PoC
No response
Mitigation
Implement an access control mechanism on this instruction.