search

sherlock-audit / 2024-09-orderly-network-solana-contract-judging

0 stars 0 forks source link

Droll Cider Armadillo - reinit_oapp will not work after resetting oapp #123

Open sherlock-admin4 opened 4 days ago

sherlock-admin4 commented 4 days ago

Droll Cider Armadillo

Medium

reinit_oapp will not work after resetting oapp

Summary

When oapp is reset, the ownership of oapp_config_account is set to the solana system program and the data storage is set to zero. When that happens, it is not possible to reinit the oapp_config_account because no one controls the account anymore and the reinitialization doesn't provide storage space back to oapp_config.

Root Cause

In reset_oapp.rs, ownership is transferred to the system_program and data storage size is set to zero:

impl ResetOApp<'_> {
    pub fn apply(ctx: &mut Context<ResetOApp>) -> Result<()> {
        let oapp_config_account_info = &mut ctx.accounts.oapp_config.to_account_info();
>       oapp_config_account_info.assign(&system_program::ID);
>       oapp_config_account_info.realloc(0, false)?;
        msg!("Reset OApp");
        Ok(())
    }

In reinit_oapp.apply, there is no expansion of storage space and the oapp is already initialized so it cannot be created again and the ownership is orphaned


impl ReinitOApp<'_> {
    pub fn apply(
        ctx: &mut Context<ReinitOApp>,
        reset_oapp_params: &ReinitOAppParams,
    ) -> Result<()> {
        let oapp_config = &mut ctx.accounts.oapp_config;
        oapp_config.admin = reset_oapp_params.admin;
        oapp_config.endpoint_program =
            if let Some(endpoint_program) = reset_oapp_params.endpoint_program {
                endpoint_program
            } else {
                ENDPOINT_ID
            };
        oapp_config.usdc_hash = reset_oapp_params.usdc_hash;
        oapp_config.usdc_mint = reset_oapp_params.usdc_mint;
        oapp_config.bump = ctx.bumps.oapp_config;
        Ok(())
    }
}

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

oapp_config account cannot be reinitialized.

PoC

No response

Mitigation

Don't assign the oapp_config account to the system program. Simply setting the storage size to zero is a good measure.

When reinitializing, call realloc with space = 8 + OAppConfig::INIT_SPACE, again.