From 456add157b48ea7a93a7f4bd22f22cc356e7d5c3 Mon Sep 17 00:00:00 2001 From: makarychev <3645723+makarychev@users.noreply.github.com> Date: Wed, 4 Dec 2024 13:42:44 +0200 Subject: [PATCH] HAL-05 Highlight possible fund dividends with fake account scenario --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 2caa0c5..e0fa469 100644 --- a/README.md +++ b/README.md @@ -963,12 +963,20 @@ sequenceDiagram 1. Amount of entitled dividend token is transferred from the `Dividends` PDA to the rightful recipient. +## Security implication +**Please note:** *Anyone can create a Security Token* with related Access Control data and a Distributor. + +However, **someone might attempt to deceive the issuer** into funding dividends into fake accounts, which could result in **a loss of funds**. + +Therefore, the issuer must use **a trusted service** to fund dividends or validate Security Token address inside instruction to mitigate this risk. + ## Relevant Methods ### New Distribution Creation Code A new distribution can be created with a call to the Solana program like this. + **Solana Web3 TS call:** ```typescript await program.methods
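Review bot: The mitigation sentence at the end of the new "Security implication" section ("validate Security Token address inside instruction") does not say who performs the validation, in which instruction, or against what reference, so an issuer reading it cannot act on it. Suggest spelling out that, before funding, the issuer checks that the Security Token which the Distributor and Access Control data relate to is the token the issuer actually created, and stating whether the program enforces this or the caller is expected to do it. The "However," opening the second paragraph has nothing to contrast with after "Anyone can create a Security Token"; "Because of this," would match the intended cause and effect. The hunk also adds an unrelated blank line before "**Solana Web3 TS call:**", which could be left out of this commit.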