Incorrect Use of init Constraint in ReinitOApp Instruction
Summary
The ReinitOApp instruction improperly uses the init constraint on the oapp_config account, which leads to an error when attempting to reinitialize an account that already exists. The correct behavior must involve modifying the existing account using the mut constraint, rather than attempting to reinitialize it.
Root Cause
The init constraint is used on the oapp_config account in the ReinitOApp instruction. This constraint is meant for account creation and causes an error when attempting to reinitialize an existing account. In reinitialization cases, the mut constraint should be used instead.
Internal pre-conditions
The ReinitOApp instruction must be explicitly called to update the existing oapp_config account.
External pre-conditions
No response
Attack Path
The ReinitOApp instruction incorrectly uses the init constraint on the existing oapp_config account.
Since the account already exists, the program throws an error because the init constraint attempts to create the account again.
Impact
This issue causes a failure in the ReinitOApp instruction, preventing updates to critical fields such as admin and usdc_hash in the oapp_config account.
PoC
No response
Mitigation
Replace the init constraint in the ReinitOApp instruction with the mut constraint to allow the existing oapp_config account to be modified without attempting to recreate it. This will ensure that reinitialization occurs as intended without causing errors.
Tangy Peanut Lizard
Medium
Incorrect Use of init Constraint in ReinitOApp Instruction
Summary
The
ReinitOAppinstruction improperly uses theinitconstraint on theoapp_configaccount, which leads to an error when attempting to reinitialize an account that already exists. The correct behavior must involve modifying the existing account using themutconstraint, rather than attempting to reinitialize it.Root Cause
The init constraint is used on the oapp_config account in the ReinitOApp instruction. This constraint is meant for account creation and causes an error when attempting to reinitialize an existing account. In reinitialization cases, the
mutconstraint should be used instead.Internal pre-conditions
The
ReinitOAppinstruction must be explicitly called to update the existingoapp_configaccount.External pre-conditions
No response
Attack Path
Impact
This issue causes a failure in the ReinitOApp instruction, preventing updates to critical fields such as admin and usdc_hash in the oapp_config account.
PoC
No response
Mitigation
Replace the init constraint in the ReinitOApp instruction with the mut constraint to allow the existing oapp_config account to be modified without attempting to recreate it. This will ensure that reinitialization occurs as intended without causing errors.