User will be able to use any deposit_token to bridge usdc
Summary
Missing constraint on allowed_token will cause users to be able to use any token mint account as deposit_token making users able to spoof depositing USDC by depositing any token.
Root Cause
In deposit.rs:89 there is a missing constraint on allowed_token that would prevent any deposit_token to be used when calling deposit.
Internal pre-conditions
Non needed
External pre-conditions
Non needed
Attack Path
User calls deposit with any deposit_token , which will trigger cross-chain service to send deposit
User starts withdrawal process (as pointed out by the team in Solana_Vault_Design.pdf)
USDC are send to the user, based on the amount of deposit_token he deposited in Step1
Impact
The protocols suffers an approximate loss as high as the USDC that the vault_token_account has.
PoC
No response
Mitigation
Include a constraint in allowed_token account that checks that the deposit_token is equal to allowed_token.mint_account.
Magnificent Cerulean Tardigrade
High
User will be able to use any deposit_token to bridge usdc
Summary
Missing constraint on
allowed_tokenwill cause users to be able to use any token mint account asdeposit_tokenmaking users able to spoof depositing USDC by depositing any token.Root Cause
In deposit.rs:89 there is a missing constraint on
allowed_tokenthat would prevent anydeposit_tokento be used when callingdeposit.Internal pre-conditions
Non needed
External pre-conditions
Non needed
Attack Path
depositwith anydeposit_token, which will trigger cross-chain service to send depositamountofdeposit_tokenhe deposited in Step1Impact
The protocols suffers an approximate loss as high as the USDC that the
vault_token_accounthas.PoC
No response
Mitigation
Include a constraint in
allowed_tokenaccount that checks that thedeposit_tokenis equal toallowed_token.mint_account.