Assessment reportsPublic findings
Back to Zellic site
Assessment reports>N1 Bridge>Threat Model>Instruction: whitelist_asset
GeneralOverview
Findings
High (1)
Informational (2)
DiscussionBlock validationUnused accountsTest suite
Threat ModelWhat are threat models?
bridgeInstruction: deposit_splInstruction: finalize_blockInstruction: deposit_splInstruction: initializeInstruction: propose_blockInstruction: set_min_depositInstruction: whitelist_assetInstruction: withdrawModule: merkle
Audit ResultsAssessment Results

Instruction: whitelist_asset

This instruction allows the operator to whitelist an asset for depositing and withdrawing.

Input parameters

  • asset: Pubkey: The public key for the asset to configure.

  • min_deposit: u64: The minimum deposit required for this asset.

Accounts

  • operator: The operator account that is whitelisting the asset.

    • Signer: Yes.

    • Init: No.

    • PDA: No.

    • Mutable: No.

    • Constraints: Must have the same public key as contract_storage.operator and enough lamports to pay for account-creation costs.

  • contract_storage: The global contract storage.

    • Signer: No.

    • Init: No.

    • PDA: Yes (derived from CONTRACT_STORAGE_SEED with bump).

    • Mutable: No.

    • Constraints: Must be a ContractStorage account.

  • asset_config: The asset-configuration account matching the public key.

    • Signer: No.

    • Init: Yes.

    • PDA: Yes (derived from ASSET_CONFIG_SEED and asset with bump).

    • Mutable: Yes.

    • Constraints: Must be a new account initialized with space 8 + 8 (discriminator + AssetConfig size), and the min_deposit input parameter must be greater than zero.

Additional checks and behavior

  • Creates and stores a new AssetConfig with the min_deposit from the input parameters.

  • Logs a WhitelistAsset event.

CPI

N/A.

Zellic © 2025Back to top ↑