The Ledger is a singleton contract in the Orderly Protocol and it is the only contract that can call SolConnector's withdraw(). However, the Ledger only calls withdraw() on the CrossChainManager.
Root Cause
The Ledger is not configured to send calls to SolConnector.
Tangy Mocha Fox
Medium
Ledger never calls SolConnector's
withdraw()Summary
The Ledger is a singleton contract in the Orderly Protocol and it is the only contract that can call SolConnector's
withdraw(). However, the Ledger only callswithdraw()on the CrossChainManager.Root Cause
The Ledger is not configured to send calls to
SolConnector.ref: LedgerImplA.executeWithdrawAction():177
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
withdraw()will never be called until Ledger is modified.Impact
Withdrawing from SolanaVault will not be possible until Ledger is fixed.
PoC
No response
Mitigation
Consider modifying Ledger's implementation to call
SolConnectorwhen withdrawing from Solana.