MOD_01 // SHARED_AUTHORITY

PDA Derivation Exploit // The Master Key Problem

VULNERABILITY: SHARED AUTHORITY PDA

Note: Compare the AUTHORITY PDA in the Vault Inspector below.
In VULNERABLE mode, both vaults share the EXACT SAME AUTHORITY KEYbecause it is derived only from the Token Mint. This allows you to sign for the Victim's vault using the shared key.

PDA_TOPOLOGY_VIEW

VICTIM_VAULT

OFFLINE

SHARED_KEY

NO VAULT

Vault InspectorOFFLINE

Target (Victim)

Available to Steal

0 USDC

VAULT ADDR :--

AUTHORITY PDA :--

You (Attacker)

Your Vault Balance

0 USDC

VAULT ADDR:--

AUTHORITY PDA:--

MATCH FOUND: SHARED ACCESS

Exploit Console

Target Vault Address

Withdrawal Amount

Attack Impact Analysis

Requested Amount5,000 USDC

NET PROTOCOL LOSS+0 (THEFT)

Withdrawn Assets

Simulated Hacker Wallet

Accumulated Balance

0USDC

SYSTEM_LOGS

System ready. Waiting for input...