Found a neat Solana PDA footgun in the active percolator-meta TWAP path. The config PDA was already scoped by: ["twap_config", market, squads, coin_mint, percolator_program] …but the signer PDA used by TWAP was only scoped by: ["market-0-twap", market] That means two configs for the same market
@toly·Jun 4, 2026·negative
Read articleAI Summary
A Solana PDA footgun in the Percolator TWAP path allows two configs for the same market to share the same TWAP signer, enabling potential malicious config exploitation.
Related Projects
