0xSpearmint1 - Incorrect Use of init Constraint in ReinitOApp Instruction

[sherlock-admin4]

0xSpearmint1

Medium

Incorrect Use of init Constraint in ReinitOApp Instruction

Summary

The ReinitOApp instruction improperly uses the init constraint on the oapp_config account, which leads to an error when attempting to reinitialize an account that already exists. The correct behavior must involve modifying the existing account using the mut constraint, rather than attempting to reinitialize it.

Root Cause

The init constraint is used on the oapp_config account in the ReinitOApp instruction. This constraint is meant for account creation and causes an error when attempting to reinitialize an existing account. In reinitialization cases, the mut constraint should be used instead.

Internal pre-conditions

The ReinitOApp instruction must be explicitly called to update the existing oapp_config account.

External pre-conditions

No response

Attack Path

1. The ReinitOApp instruction incorrectly uses the init constraint on the existing oapp_config account.
2. Since the account already exists, the program throws an error because the init constraint attempts to create the account again.

Impact

This issue causes a failure in the ReinitOApp instruction, preventing updates to critical fields such as admin and usdc_hash in the oapp_config account.

PoC

No response

Mitigation

Replace the init constraint in the ReinitOApp instruction with the mut constraint to allow the existing oapp_config account to be modified without attempting to recreate it. This will ensure that reinitialization occurs as intended without causing errors.