Konfig

Konfig manages protocol-wide parameters like fee rates and treasury addresses through a single configuration PDA. An admin initializes it, and the update_config instruction is meant to be restricted.

The program deploys and works, but the permission model has a crack. Find it before someone else does.

Global configuration accounts are everywhere in Solana protocols. They control fees, feature flags, treasury wallets, and more. A misconfigured update instruction can let anyone rewrite the rules of the entire protocol.

This challenge is beginner-friendly but teaches a pattern you'll see in every real audit.