users should pay fee to withdraw their assets and fee amount will be deducted from their token amount and fee amount depend on protocol rule and finally when user withdraw their assest, fee amount remain in vault but there isn't instrucition to claim that
Textual PoC:
1-Alice deposits 1000 usdc in solana vault
2-Alice create withdraw request for 1000 usdc
3-her request will be executed and 10 usdc remain in solana vault[fee=1%]
1 usdc remain in vault and admin cannot claim that
Petite Pecan Starfish
High
fees will be locked in vault
Summary
admin cannot claim fees in solana vault
Root Cause
users should pay fee to withdraw their assets and fee amount will be deducted from their token amount and fee amount depend on protocol rule and finally when user withdraw their assest, fee amount remain in vault but there isn't instrucition to claim that
Code Snippet
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/solana-vault/packages/solana/contracts/programs/solana-vault/src/instructions/oapp_instr/oapp_lz_receive.rs#L117
PoC
Textual PoC: 1-Alice deposits 1000 usdc in solana vault 2-Alice create withdraw request for 1000 usdc 3-her request will be executed and 10 usdc remain in solana vault[fee=1%] 1 usdc remain in vault and admin cannot claim that
Impact
fee will be locked in solana vault
Mitigation
consider to add a intruction to claim fees