search

sherlock-audit / 2024-09-orderly-network-solana-contract-judging

0 stars 0 forks source link

Sunny Syrup Worm - Incorrect Constraint in SetPeer Hinders Admin Updates During Peer Changes #107

Open sherlock-admin3 opened 4 days ago

sherlock-admin3 commented 4 days ago

Sunny Syrup Worm

Medium

Incorrect Constraint in SetPeer Hinders Admin Updates During Peer Changes

Summary

An admin cannot update the dst_eid to a new peer address via the set_peer function due to the incorrect use of the init constraint on the peer account.

Root Cause

In cases of misconfigurations or code bugs, the destination chain may switch to a new peer or SolConnector. When this happens, the set_peer function is intended to be called by the admin to update the dst_eid to the new peer address. However, because init is used, the call will always fail as it attempts to reinitialize an already initialized account, making it impossible to update the peer address.

Internal Preconditions

None

External Preconditions

None

Attack Path

None

Impact

If the dst_eid peer changes, it will be impossible to switch to the new peer.

Proof of Concept (PoC)

https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/a40ed80ce4a196bc81bfa6dfb749c19b92c623b0/solana-vault/packages/solana/contracts/programs/solana-vault/src/lib.rs#L100-L102

https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/a40ed80ce4a196bc81bfa6dfb749c19b92c623b0/solana-vault/packages/solana/contracts/programs/solana-vault/src/lib.rs#L100-L102

Mitigation

Update SetPeer::peer to:

    #[account(
+        init_if_needed,
        payer = admin,
        space = 8 + Peer::INIT_SPACE,
        seeds = [PEER_SEED, &oapp_config.key().to_bytes(), &params.dst_eid.to_be_bytes()],
        bump
    )]
    pub peer: Account<'info, Peer>,