Any user will create rebate info on behalf of an authority
Summary
The constraints set on the rebate_manager field at create_rebate_info.rs#L15-L19 doesn't ensure that this rebate_manager is an account owned by the current program. This allows using external accounts to bypass the other constraints.
Root Cause
The constraints set on the rebate_manager field at create_rebate_info.rs#L15-L19 doesn't ensure that this rebate_manager is an account owned by the current program.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Any user can initialize a RebateInfo. This RebateInfo can then be used with the other instructions (add_rebate, sub_rebate, ...).
PoC
No response
Mitigation
A constraint must be added to rebate_manager to ensure it is owned by the current program.
Cuddly Gauze Mustang
Low/Info
Any user will create rebate info on behalf of an authority
Summary
The constraints set on the
rebate_managerfield atcreate_rebate_info.rs#L15-L19doesn't ensure that thisrebate_manageris an account owned by the current program. This allows using external accounts to bypass the other constraints.Root Cause
rebate_managerfield atcreate_rebate_info.rs#L15-L19doesn't ensure that thisrebate_manageris an account owned by the current program.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Any user can initialize a RebateInfo. This RebateInfo can then be used with the other instructions (
add_rebate,sub_rebate, ...).PoC
No response
Mitigation
A constraint must be added to
rebate_managerto ensure it is owned by the current program.