Smart contract unable to operate due to lack of token funds
Description
Bug Description
From the competition page we can know the vault program should support SPL token 2022:
The Vault and Restaking programs support the SPL Token and SPL Token 2022 standards.
But when calling process_mint() instruction, the token program id is hardcoded to be spl_token and not spl_token_2022. The spl token and spl token 2022 have different program id, the SPL token program id is TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA and SPL token 2022 program id is TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb, you can see the decalre for spl_token program id and spl_token_2022 program id.
pubfnprocess_mint( program_id:&Pubkey, accounts:&[AccountInfo], amount_in:u64, min_amount_out:u64,) ->ProgramResult {...// transfer tokens from depositor to vault {invoke(&transfer(// @audit - hardcoded spl token program id&spl_token::id(), depositor_token_account.key, vault_token_account.key, depositor.key,&[], amount_in, )?,&[ depositor_token_account.clone(), vault_token_account.clone(), depositor.clone(), ], )?; }...}
If the users transfer SPL token2022 to the vault by calling the process_mint() instruction, the transfer will fail because wrong token program id.
And in the process_initialize_vault() instruction, the token program id is loaded by load_token_program(), this function will check the token program id is spl_token or not, if not, it will return an error:
pubfnload_token_program(info:&AccountInfo) ->Result<(), ProgramError> {if info.key.ne(&spl_token::id()) {msg!("Account is not the spl token program");returnErr(ProgramError::IncorrectProgramId); }Ok(())}
So the vault program doesn't support SPL token2022 init.
Impact
The vault program doesn't support SPL token 2022 init and transfer.
Recommendation
Add the SPL token2022 feature to the vault program.
Proof of Concept
Proof of Concept
Place the case in the vault_program/src/ path, run it by cargo test --package jito-vault-program --lib -- test_token2022_basic:
