Glamorous Violet Chameleon
High
The bump seed is not included in the signer seed for the transfer transaction which will cause all token transfers from the token vault to fail.
The Rebate Manager is a PDA that owns the Token Vault.
#[account(
init,
payer = authority,
token::mint = quote_token_mint,
token::authority = rebate_manager
)]
// @audit token vault is owned by the rebate manager
pub token_vault: Box<Account<'info, TokenAccount>>,The rebate manager must sign the transaction when transferring tokens from the token vault. The signer seeds used for the transfer transaction are:
pub fn seeds(&self) -> [&[u8]; 2] {
[
REBATEMANAGER_SEED.as_bytes(),
self.quote_token_mint.as_ref(),
]
}All transactions signed by a PDA must include their bump seed like in Woopool's seeds.
In rebate_manager.rs:54-59, the bump seed is not included which causes all transfers/transactions signed with those seeds to fail.
pub fn seeds(&self) -> [&[u8]; 2] {
[
REBATEMANAGER_SEED.as_bytes(),
self.quote_token_mint.as_ref(),
]
}None
None
- Call any instruction in the
rebate_managerprogram that callstransfer_from_vault_to_owner(). Instructions that call this transfer are:
Claiming rebate fees and withdrawing rebate fees will always fail due to this issue. Tokens meant for the rebate authority are stuck in the vault. This is a loss of funds.
No response
Consider adding the bump seed in rebate manager's seeds(). Woo Pool's seeds() can be used as a reference.