WOOFi Swap on Solana does not support the native token SOL.

Summary

Vulnerability Detail

pub fn transfer_from_owner_to_vault<'info>(
    position_authority: &Signer<'info>,
    token_owner_account: &Account<'info, TokenAccount>,
    token_vault: &Account<'info, TokenAccount>,
@>>    token_program: &Program<'info, Token>,
    amount: u64,
) -> Result<()> {
    token::transfer(
        CpiContext::new(
            token_program.to_account_info(),
            Transfer {
                from: token_owner_account.to_account_info(),
                to: token_vault.to_account_info(),
                authority: position_authority.to_account_info(),
            },
        ),
        amount,
    )
}

From instructions::swap::handler(ctx, from_amount, min_to_amount) and transfer_from_owner_to_vault(), it can be seen that WOOFi Swap on Solana does not support the native token SOL, but supports WSOL (Wrapped SOL). This is inconsistent with the statements in the README. “We manually add the supported token pairs into the swap. The initial list is: SOL, USDT, USDC. Any two of them can form a swap pair.” According to Sherlock’s rules, issues that break the invariants from the above question, irrespective of whether the impact is low or unknown, will be assigned Medium severity.

Impact

The native token SOL cannot be traded on WOOFi Swap on Solana.

Code Snippet

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L96

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/util/token.rs#L22

Tool used

Manual Review

Recommendation

Add code to handle the native token SOL, or modify the relevant statements.

sherlock-audit / 2024-08-woofi-solana-deployment-judging

Helpful Jetblack Snake - WOOFi Swap on Solana does not support the native token SOL. #55

WOOFi Swap on Solana does not support the native token SOL.

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation