Found a neat Solana PDA footgun in the active percolator-meta TWAP path. The config PDA was already scoped by: ["twap_config", market, squads, coin_mint, percolator_program] …but the signer PDA used by TWAP was only scoped by: ["market-0-twap", market] That means two configs for the same market
@toly·4 de jun. de 2026·negativo
Ler artigoResumo IA
A Solana PDA footgun in the Percolator TWAP path allows two configs for the same market to share the same TWAP signer, enabling potential malicious config exploitation.
Projetos relacionados
