Strong Magenta Loris
High
Missing Initialization Check in initialize Method
Summary
The initialize method in the RebateManager contract lacks a crucial check to prevent it from being called multiple times. As such, it allows an attacker to re-initialize the contract.
Vulnerability Detail
The current initialize method doesn't verify whether the RebateManager has already been initialized. This means any user can call this method at any time to overwrite the existing configuration. By re-calling initialize, an attacker can change the authority, quote_token_mint, and token_vault to values they control. This effectively hands over control of the contract and its assets to the attacker.
Impact
The contract can be reinitialized and as such, an attacker can become the new authority, gaining full control over administrative functions.
Code Snippet
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/rebate_manager/src/state/rebate_manager.rs#L61-L72
Tool used
Manual Review
Recommendation
Introduce a check at the beginning of the initialize method to ensure it can only be executed once. One common approach is to verify that a specific field is unset (e.g., authority is still Pubkey::default()) before proceeding. By adding this check, any attempt to re-initialize an already initialized RebateManager will fail.
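An added illustration of the recommended guard, written for this page and not taken from the audited repository: the unguarded handler the finding describes is shown beside a version that uses Pubkey::default() as the "not yet initialized" sentinel. Pubkey is modelled as a plain 32-byte array and the Solana/Anchor account plumbing is left out (assumptions); the extra zero-authority rejection is a caveat of the sentinel approach, since a zero authority would never latch the guard.

```rust
// Added example, not code from the audited repository: a minimal stand-in
// for the RebateManager state and its initialize handler. Field names
// follow the report; Pubkey is modelled as a 32-byte array and the
// Solana/Anchor account plumbing is omitted (assumptions).

#[derive(Clone, Copy, PartialEq, Eq, Debug, Default)]
pub struct Pubkey(pub [u8; 32]);

#[derive(Debug, Default)]
pub struct RebateManager {
    pub authority: Pubkey,
    pub quote_token_mint: Pubkey,
    pub token_vault: Pubkey,
}

#[derive(Debug, PartialEq, Eq)]
pub enum RebateError {
    AlreadyInitialized,
    InvalidAuthority,
}

impl RebateManager {
    /// The pattern the finding describes: no guard, so every call
    /// overwrites the stored configuration, including `authority`.
    pub fn initialize_unchecked(&mut self, authority: Pubkey, mint: Pubkey, vault: Pubkey) {
        self.authority = authority;
        self.quote_token_mint = mint;
        self.token_vault = vault;
    }

    /// Recommended fix: treat `Pubkey::default()` (all zeros) as the
    /// "never initialized" sentinel and refuse a second call.
    /// A zero authority is also rejected; otherwise the sentinel would
    /// never be set and the account would stay re-initializable.
    pub fn initialize(&mut self, authority: Pubkey, mint: Pubkey, vault: Pubkey) -> Result<(), RebateError> {
        if self.authority != Pubkey::default() {
            return Err(RebateError::AlreadyInitialized);
        }
        if authority == Pubkey::default() {
            return Err(RebateError::InvalidAuthority);
        }
        self.authority = authority;
        self.quote_token_mint = mint;
        self.token_vault = vault;
        Ok(())
    }
}
```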