User will use external accounts for bypassing check in programs
Cuddly Gauze Mustang
High
Summary
In the current implementation, multiple instructions assume that accounts are owned by the current program (and are therefore trusted), but they are not. This allows a user to provide external accounts to bypass checks.
Root Cause
Lack of seeds constraint every time wooconfig is used (for example: create_wooracle.rs#L44).
Other occurrences in claim_fee.rs, create_pool.rs#L9, deposit_withdraw.rs#L9, and everywhere else in the codebase.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
Impact
Multiple checks are bypassed, including access control checks.
PoC
No response
Mitigation
Every time wooconfig is expected, ensure that the account is the correct PDA. For example, in the CreateWooracle structure, it gives:
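What that PDA check amounts to, modelled off-chain in Python as an added example (not code from the report or the audited project): the address is re-derived from the seeds and the program id, then compared with the supplied account. The seed b"wooconfig", both program ids and the function name check_wooconfig are assumptions made for illustration.

```python
import hashlib

P = 2**255 - 19                                  # ed25519 field prime
D = (-121665 * pow(121666, P - 2, P)) % P        # ed25519 curve constant d

def is_on_curve(key: bytes) -> bool:
    """True if the 32 bytes decompress to an ed25519 point (so not a valid PDA)."""
    y = (int.from_bytes(key, "little") & ((1 << 255) - 1)) % P
    u, v = (y * y - 1) % P, (D * y * y + 1) % P
    x2 = u * pow(v, P - 2, P) % P                # x^2 = (y^2 - 1) / (d*y^2 + 1)
    return x2 == 0 or pow(x2, (P - 1) // 2, P) == 1

def find_program_address(seeds, program_id: bytes):
    """Solana PDA derivation: first bump from 255 down that lands off-curve."""
    if len(seeds) > 15 or any(len(s) > 32 for s in seeds):
        raise ValueError("too many seeds or seed longer than 32 bytes")
    for bump in range(255, -1, -1):
        h = hashlib.sha256(b"".join(seeds) + bytes([bump]) + program_id
                           + b"ProgramDerivedAddress").digest()
        if not is_on_curve(h):
            return h, bump
    raise ValueError("no off-curve address found")

# Assumptions: constructed program id and a hypothetical seed, not the project's values.
PROGRAM_ID = bytes(range(1, 33))
WOOCONFIG_SEED = b"wooconfig"

def check_wooconfig(key: bytes, owner: bytes, program_id: bytes = PROGRAM_ID):
    """Return the reasons a supplied wooconfig account must be rejected (empty = accept)."""
    expected, _bump = find_program_address([WOOCONFIG_SEED], program_id)
    errors = []
    if owner != program_id:
        errors.append("account is not owned by this program")
    if key != expected:
        errors.append("account address is not the expected PDA")
    return errors

if __name__ == "__main__":
    pda, bump = find_program_address([WOOCONFIG_SEED], PROGRAM_ID)
    foreign_program = bytes([0xAA]) * 32          # constructed: some other program
    foreign_cfg, _ = find_program_address([WOOCONFIG_SEED], foreign_program)
    print("genuine :", check_wooconfig(pda, PROGRAM_ID))
    print("external:", check_wooconfig(foreign_cfg, foreign_program))
```

An account created under a different program with the same seed derives to a different address, so it fails the comparison even though its data layout could look identical.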