search

sherlock-audit / 2024-08-woofi-solana-deployment-judging

0 stars 0 forks source link

Fresh Pineapple Dalmatian - Malicious individuals can create corresponding rebate manage and rebate info accounts in advance #69

Open sherlock-admin2 opened 13 hours ago

sherlock-admin2 commented 13 hours ago

Fresh Pineapple Dalmatian

Medium

Malicious individuals can create corresponding rebate manage and rebate info accounts in advance

Summary

Due to the fact that the seed of the rebate_manage account is quote_token_mint, only one rebate_manage account can be created with a single quote_token token.
Malicious individuals can create a corresponding rebate_manage account before admin wants to add a new quote_token_maint, which can prevent admin from adding a new rebate_manage and losing control over the reward token
Due to other rebates already running in the system, it is unlikely to abandon this program and redeploy it

Vulnerability Detail

The rebate_manager can be created by anyone, and once created, it will prevent admin from adding the corresponding quote_tokent_mint to the rebate_manager

#[derive(Accounts)]
pub struct CreateRebateManager<'info> {
    pub quote_token_mint: Account<'info, Mint>,

    #[account(mut)]
    pub authority: Signer<'info>,

    #[account(
        init,
        payer = authority,
        space = 8 + RebateManager::INIT_SPACE,
        seeds = [
          REBATEMANAGER_SEED.as_bytes(),
          quote_token_mint.key().as_ref()
        ],
        bump)]
    pub rebate_manager: Box<Account<'info, RebateManager>>,
    ...
}

Impact

  1. Admin may not be able to add a new quote_token_maint rebate manager account
  2. Malicious individuals may use the project's program to release a rebate manager

    Code Snippet

    https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/1c4c9c622e8c44ae2f8cd4219c7c2a0181f25ca0/WOOFi_Solana/programs/rebate_manager/src/instructions/admin/create_rebate_manager.rs#L11

    Tool used

Manual Review

Recommendation

Refer to the config mode of the woofi program and set a rebate_config. Only the rebate_config admin can create a rebate manager. In this way, once the config account is fornt-run, the project team will redeploy and the impact will be greatly reduced

toprince commented 10 hours ago

Impact 1 is valid. but is low impact. Impact 2 is not valid. same with https://github.com/sherlock-audit/2024-08-woofi-solana-deployment-judging/issues/14