Category: Coding Mistakes
The CloseEventAccounts event emitted without validating event account
Severity: Informational
Impact: Informational
Likelihood: N/A
Description
In the CloseEventAccounts instruction, the swap-endpoint program appears to assume that a failure to deserialize the SwapEvent account is caused by a reorg.
    if let Ok(event_account) = Account::<SwapEvent>::try_from(event_account_info) {
        [...]
    } else {
        // Ideally this should never happen but it could happen if the state chain
        // were to go out of sync (e.g. large reorg, witnessing missbehaviour...)
        emit!(events::CantDeserializeEventAccount {
            event_account: event_account_info.key(),
            payee: payee.key(),
        });
    }

However, it only checks the SwapEvent account's PubKey after the deserialization is successful.
Impact
This has no security impact since the event emitted is likely just used for debugging.
Recommendations
The SwapEvent account's PubKey should be validated before trying to deserialize the account.
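The difference between the two orderings, as an added example that is a constructed model in plain Rust, not the swap-endpoint program's code or the fix in the commit. The `expected` key list, the `Outcome` enum, the discriminator value and the function names are assumptions made for illustration.

```rust
// Constructed model of the check ordering; not the swap-endpoint program or Anchor's API.
type Pubkey = [u8; 32];
const SWAP_EVENT_DISC: [u8; 8] = *b"swapevnt"; // constructed discriminator

struct AccountInfo { key: Pubkey, data: Vec<u8> }

#[derive(Debug, PartialEq)]
enum Outcome {
    Closed(Pubkey),
    CantDeserializeEventAccount(Pubkey), // models the emitted event
    RejectedUnexpectedKey(Pubkey),
}

// Stand-in for Account::<SwapEvent>::try_from: needs the discriminator plus an 8-byte body.
fn try_deserialize(acc: &AccountInfo) -> Result<u64, ()> {
    if acc.data.len() < 16 || acc.data[..8] != SWAP_EVENT_DISC {
        return Err(());
    }
    let mut body = [0u8; 8];
    body.copy_from_slice(&acc.data[8..16]);
    Ok(u64::from_le_bytes(body))
}

// Ordering described in the finding: the key is checked only on the success path.
fn close_before(acc: &AccountInfo, expected: &[Pubkey]) -> Outcome {
    match try_deserialize(acc) {
        Ok(_) if expected.contains(&acc.key) => Outcome::Closed(acc.key),
        Ok(_) => Outcome::RejectedUnexpectedKey(acc.key),
        Err(_) => Outcome::CantDeserializeEventAccount(acc.key), // fires for any account
    }
}

// Recommended ordering: validate the key first, then attempt deserialization.
fn close_after(acc: &AccountInfo, expected: &[Pubkey]) -> Outcome {
    if !expected.contains(&acc.key) {
        return Outcome::RejectedUnexpectedKey(acc.key);
    }
    match try_deserialize(acc) {
        Ok(_) => Outcome::Closed(acc.key),
        Err(_) => Outcome::CantDeserializeEventAccount(acc.key),
    }
}

fn main() {
    let expected = [[1u8; 32]]; // constructed key list
    let stranger = AccountInfo { key: [9; 32], data: vec![0; 4] };
    println!("before: {:?}", close_before(&stranger, &expected));
    println!("after:  {:?}", close_after(&stranger, &expected));
}
```

With the key validated first, a CantDeserializeEventAccount event always refers to an account the program expected, so anyone reading the event stream can treat it as a real state inconsistency.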
Remediation
This issue has been acknowledged by Chainflip, and a fix was implemented in commit 019c6b94.