SSSwap

First Flight #41

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Lack of Access Control for Critical Functions in the `liquidity_pool.rs` and also in the `lib.rs`

mishraji874

Description: The contract doesn't implement proper access control for critical functions. While it uses PDAs for authorization, there's no explicit owner or admin role that can pause the contract or handle emergencies.

Impact: If a vulnerability is discovered, there's no way to pause the contract to prevent exploitation while a fix is developed.

Recommended Mitigation: Implement an admin role with the ability to pause the contract in emergencies:

#[account]

#[derive(InitSpace)]

pub struct LiquidityPool {

pub token_a: Pubkey,

pub token_b: Pubkey,

pub lp_mint: Pubkey,

pub bump: u8,

pub admin: Pubkey,

pub paused: bool,

}

Then add checks at the beginning of each function:

require!(!liquidity_pool.paused, AmmError::ContractPaused);

Updates

Lead Judging Commences

0xtimefliez Lead Judge 14 days ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.