
Authorization pattern

We note that the program adopts some design patterns that could be misused. For instance, deposits assume the user grants authorization over a stake account to a single authority PDA that is tied only to the pool. Similarly, withdrawals assume the user grants authorization over their pool token account to an authority PDA that is likewise tied only to the pool address.

This design assumes the user grants authorization to manage their assets to the single pool authority PDAs in the same transaction that performs the desired single pool action; if the user grants authorization to the pool PDA without performing the intended action in the same transaction, an attacker could invoke a pool action on their behalf, stealing their assets.

The current design can be used safely, and the repository contains code that helps developers create a list of instructions that use the program as intended. However, we note that other designs could be safer and harder to misuse. For instance, tying the authority PDAs to the token account or stake account they control would improve the safety of the design.
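An added example (not code from the report or the single-pool repository) of the pre-signing check a client could run to enforce the same-transaction rule described above: it walks a transaction's instruction list and flags any grant of authority to a pool PDA that no pool action on the same account consumes later in that transaction. The instruction shapes, pool addresses, PDA names and account names are hypothetical stand-ins, not the program's real layout.

```typescript
// Hypothetical model of a single-pool transaction's instruction list.
// "authorize" stands for the stake-authority change (deposit) or the
// token-account approval (withdraw) that hands control to a pool PDA;
// "poolAction" stands for the deposit or withdraw instruction itself.
type Instruction =
  | { kind: "authorize"; account: string; newAuthority: string }
  | { kind: "poolAction"; pool: string; account: string }
  | { kind: "other" };

// A pool and the authority PDA derived from (tied to) the pool address.
interface Pool { address: string; authorityPda: string }

// Returns the accounts this transaction hands to a pool PDA without a pool
// action on that same account later in the same transaction. Any entry means
// the grant would outlive the transaction, which is the unsafe case.
function danglingGrants(ixs: Instruction[], pools: Pool[]): string[] {
  const poolByPda = new Map<string, string>();
  for (const p of pools) poolByPda.set(p.authorityPda, p.address);
  const dangling: string[] = [];
  ixs.forEach((ix, i) => {
    if (ix.kind !== "authorize") return;
    const pool = poolByPda.get(ix.newAuthority);
    if (pool === undefined) return; // grant to something other than a pool PDA
    const account = ix.account;
    const consumed = ixs.slice(i + 1).some(
      (later) => later.kind === "poolAction" && later.pool === pool && later.account === account,
    );
    if (!consumed) dangling.push(account);
  });
  return dangling;
}

function isSafeToSign(ixs: Instruction[], pools: Pool[]): boolean {
  return danglingGrants(ixs, pools).length === 0;
}

// Constructed sample data (placeholder names, not real addresses).
const samplePools: Pool[] = [{ address: "POOL_A", authorityPda: "POOL_A_STAKE_AUTHORITY" }];

// Safe: the authorization and the deposit are in the same transaction.
const safeTx: Instruction[] = [
  { kind: "authorize", account: "USER_STAKE", newAuthority: "POOL_A_STAKE_AUTHORITY" },
  { kind: "poolAction", pool: "POOL_A", account: "USER_STAKE" },
];

// Unsafe: the stake account is handed to the pool PDA and nothing consumes it.
const unsafeTx: Instruction[] = [
  { kind: "authorize", account: "USER_STAKE", newAuthority: "POOL_A_STAKE_AUTHORITY" },
  { kind: "other" },
];
```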

Zellic © 2025