Permit functionality cannot be properly used in the contract
Summary
At the moment protocol requires for the signer of the tx to be the owner of the account where the tokens will be withdrawn
from. This disallows using permit functionality (including USDC permits) and disables any potential integrations with
many protocols.
This creates a situation where permit functionality (including USDC permit functionality as it's one of the tokens marked in scope) cannot be used at all breaking integrations
with many protocols where smart contract will transfer and swap the funds instead of the user.
Impact
Protocol will not be compatible with a huge variety of other protocols as it disables the opportunity to use permit functionality
for gasless transfers, for example.
Code Snippet
Provided above.
Tool used
Manual Review
Recommendation
Check for allowance of the from account to allow using permit functionality.
Creamy Carrot Yeti
Medium
Permit functionality cannot be properly used in the contract
Summary
At the moment protocol requires for the signer of the tx to be the owner of the account where the tokens will be withdrawn from. This disallows using permit functionality (including USDC permits) and disables any potential integrations with many protocols.
Vulnerability Detail
Currently there is a following check:
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L37
This creates a situation where permit functionality (including USDC permit functionality as it's one of the tokens marked in scope) cannot be used at all breaking integrations with many protocols where smart contract will transfer and swap the funds instead of the user.
Impact
Protocol will not be compatible with a huge variety of other protocols as it disables the opportunity to use permit functionality for gasless transfers, for example.
Code Snippet
Provided above.
Tool used
Manual Review
Recommendation
Check for allowance of the from account to allow using permit functionality.