Open sherlock-admin2 opened 4 days ago
Petite Pecan Starfish
Medium
init vault has lack of access control
vault authority has lack of access control
Textual PoC: 1-admin inits oappConfigPDA 2-malicious user inits vaultAuthorityPDA and take control of oapp 3-admin resets oappConfig 4-admin cannot reinit oappConfig because just vault'owner can reinit oappConfig
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/solana-vault/packages/solana/contracts/programs/solana-vault/src/instructions/vault_instr/init_vault.rs#L19
admin cannot reinit oappConfig
consider to just admin can init vault
Petite Pecan Starfish
Medium
admin cannot reinit oappConfig
Summary
init vault has lack of access control
Root Cause
vault authority has lack of access control
PoC
Textual PoC: 1-admin inits oappConfigPDA 2-malicious user inits vaultAuthorityPDA and take control of oapp 3-admin resets oappConfig 4-admin cannot reinit oappConfig because just vault'owner can reinit oappConfig
Code Snippet
https://github.com/sherlock-audit/2024-09-orderly-network-solana-contract/blob/main/solana-vault/packages/solana/contracts/programs/solana-vault/src/instructions/vault_instr/init_vault.rs#L19
Impact
admin cannot reinit oappConfig
Mitigation
consider to just admin can init vault