Closed sherlock-admin2 closed 4 days ago
Broad Pecan Pheasant
Low/Info
Hardcoded Values
Summary
"TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA" is hardcoded for token_program_id and other strings for public keys. This might work for specific contexts but could cause issues if these values change.
Root Cause
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/solana-vault/packages/solana/contracts/programs/solana-vault/src/instructions/oapp_instr/oapp_lz_receive_types.rs#L83-L85
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/solana-vault/packages/solana/contracts/programs/solana-vault/src/instructions/oapp_instr/oapp_lz_receive_types.rs#L174
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
Consider moving these hardcoded values to configuration files or constants that can be updated without modifying the codebase.