Malicious Users can Disable Rate limiting Leading to Dos and Unauthorized Access.
Summary
The SetRateLimit instruction does not validate the SetRateLimitParams struct.
Vulnerability Detail
The SetRateLimit instruction uses the SetRateLimitParams struct without validating its fields. This allows an attacker to set arbitrary rate limits, potentially leading to unauthorized access or denial-of-service attack.
Proof of Concept
Impact
Unvalidated rate limit parameters will enable attackers to:
Set excessively high rate limits, causing network congestion.
Set excessively low rate limits, denying legitimate access.
Energetic Midnight Boar
Medium
Malicious Users can Disable Rate limiting Leading to Dos and Unauthorized Access.
Summary
The SetRateLimit instruction does not validate the SetRateLimitParams struct.
Vulnerability Detail
The SetRateLimit instruction uses the SetRateLimitParams struct without validating its fields. This allows an attacker to set arbitrary rate limits, potentially leading to unauthorized access or denial-of-service attack.
Proof of Concept
Impact
Unvalidated rate limit parameters will enable attackers to:
Code Snippet
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/solana-vault/packages/solana/contracts/programs/solana-vault/src/instructions/oapp_instr/set_rate_limit.rs#L8-L22
Tool used
Manual Review
Recommendation