SSSwap

First Flight #41
Beginner Friendly, Rust
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

Missing Token Program Validation

Root + Impact

Description

  • The AMM should validate the token_program account in CPIs to ensure it’s the SPL Token program, preventing unauthorized token transfers.

  • Specific Issue: Functions in transfer.rs, liquidity_operations.rs, and swap_operations.rs use token_program without verifying it matches SPL_TOKEN_PROGRAM_ID, allowing a malicious program to intercept transfers and steal funds.

```rust
// transfer.rs
pub fn transfer_tokens<'info>(
    ...,
    token_program: &Interface<'info, TokenInterface>
) -> Result<()> {
    let cpi_context = CpiContext::new(
        token_program.to_account_info(), // @> No validation
        ...
    );
    ...
}
```

Risk

Likelihood: Medium

  • Attackers can pass a malicious token_program during CPI calls in permissionless AMMs.

  • Solana’s open ecosystem increases the risk of untrusted program interactions.

Impact:

  • Funds are stolen from user or vault accounts during transfers.

  • Severe disruption of AMM functionality, undermining trust.

Proof of Concept

```rust
// Attacker passes malicious token_program
let malicious_program = Pubkey::new_unique();
transfer_tokens(..., &malicious_program)?; // Malicious program intercepts transfer
// Funds redirected to attacker’s account
```

Recommended Mitigation

```diff
// transfer.rs
pub fn transfer_tokens<'info>(
...,
token_program: &Interface<'info, TokenInterface>
) -> Result<()> {
+ require!(token_program.key() == SPL_TOKEN_PROGRAM_ID, AmmError::InvalidTokenProgram);
let cpi_context = CpiContext::new(
token_program.to_account_info(),
...
);
...
}
```
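
Review bot: the added `require!` line pins `token_program.key()` to a single `SPL_TOKEN_PROGRAM_ID`, which conflicts with the parameter type `&Interface<'info, TokenInterface>` kept in the signature above it. Anchor's `Interface` wrapper already checks the account key against the program ids of `TokenInterface` (SPL Token and Token-2022) when the account is loaded, so the new check is redundant for the classic token program and would reject Token-2022, which the signature otherwise accepts. If restricting to one program is the intent, change the parameter type to `Program<'info, Token>` rather than adding a runtime comparison. Neither `SPL_TOKEN_PROGRAM_ID` nor `AmmError::InvalidTokenProgram` is defined in the lines shown, so the patch would also need to add both.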
Updates

Lead Judging Commences

0xtimefliez Lead Judge 9 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
