search

sherlock-audit / 2024-08-woofi-solana-deployment-judging

0 stars 0 forks source link

Hot Paisley Copperhead - [med] Allowing admin_authority to create `RebateInfo` will create DoS for `ClaimRebateFee` instruction #72

Open sherlock-admin2 opened 13 hours ago

sherlock-admin2 commented 13 hours ago

Hot Paisley Copperhead

Medium

[med] Allowing admin_authority to create RebateInfo will create DoS for ClaimRebateFee instruction

Summary

This issue is from rebate_manager program. CreateRebateInfo instruction is allowing admin_authority also along with the authority to create the RebateInfos. Meanwhile in ClaimRebateFee context, the rebate_info is verified with check rebate_info.authority == rebate_manager.authority. So the RebateInfos created by rebate_manager.admin_authority wont pass this check, the respective users were effected as they can't claim the rebate.

Root Cause

The root cause is contradiction between the

  1. Allowing admin_authority to create RebateInfo using CreateRebateInfo instruction.
  2. Checking rebate_info.authority == rebate_manager.authority in ClaimRebateFee instruction

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

  1. If an RebateInfo was create by admin_authority.
  2. The ClaimRebate instruciton fails for that RebateInfo

Impact

DoS for the RebateInfos if they are created by the admin_authority.

PoC

CreateRebateInfo - https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/rebate_manager/src/instructions/admin/create_rebate_info.rs#L16-L17 ClaimRebateInfo - https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/rebate_manager/src/instructions/claim_rebate_fee.rs#L26

Mitigation

Allow rebate_manager.admin_authority also for rebate_info.authority in ClaimRebate instruction.