Ignored CPI Result in SetDelegate Function Prevents Error Propagation
Summary
The ignored CPI result will cause unexpected behavior for developers as the function will silently discard errors, leading to undetected failures in downstream calls.
Result: If endpoint_cpi::set_delegate fails, this failure is not handled or propagated, potentially leaving the admin unaware of the error.
Impact
No response
PoC
No response
Mitigation
Remove the assignment to _ , apply the? operator directly to the endpoint_cpi::set_delegate call and remove the return Ok(()). This change will ensure error propagation up the call stack
Abundant Walnut Rooster
Low/Info
Ignored CPI Result in SetDelegate Function Prevents Error Propagation
Summary
The ignored CPI result will cause unexpected behavior for developers as the function will silently discard errors, leading to undetected failures in downstream calls.
Root Cause
In
set_delegate.rs:23, the CPI call toendpoint_cpi::set_delegatereturns a Result, which is not propagated due to assignment to_. This allows any potential error inset_delegateto be ignored, leading to incomplete error handling. https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/solana-vault/packages/solana/contracts/programs/solana-vault/src/instructions/oapp_instr/set_delegate.rs#L23-L31Internal pre-conditions
External pre-conditions
No specific external protocol changes are required for the issue to occur.
Attack Path
admincalls SetDelegate::apply expecting correct error propagation.Impact
No response
PoC
No response
Mitigation
Remove the assignment to
_, apply the?operator directly to theendpoint_cpi::set_delegatecall and remove the returnOk(()). This change will ensure error propagation up the call stack