The FEE_COLLECTOR address can drain dojoswap_pair contracts
Description
The admin_configure function permits the FEE_COLLECTOR address to set the asset_infos and asset_decimals of the pair arbitrarily. By setting one side of asset_infos to a worthless token that an attacker mints, an attacker can swap their worthless token to drain the deposits for the side that was left unmodified. This process can then symmetrically be used with the other side of the pair to drain its deposits as well.
Impact
If the keys for the FEE_COLLECTOR address are stolen, or if the FEE_COLLECTOR keys are misused, all the value stored in pair contracts can be drained.
Recommendations
Do not allow admin_configure to modify asset_infos or asset_decimals if there are any deposits for the pair on either side.
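The recommended guard, sketched as an added example on a simplified std-only model; this is not Dojoswap's code. Pair, ConfigError, reserves, total_share and sample_pair are assumed names, and a real contract would query the reserves from chain state instead of storing them.

```rust
// Simplified std-only model of a pair contract; not Dojoswap's code.
// Pair, ConfigError, reserves, total_share and sample_pair are assumed names.
#[derive(Debug, Clone, PartialEq)]
pub enum AssetInfo { Token(String), NativeToken(String) }

#[derive(Debug, PartialEq)]
pub enum ConfigError { Unauthorized, PairHasDeposits }

pub struct Pair {
    pub fee_collector: String,
    pub asset_infos: [AssetInfo; 2],
    pub asset_decimals: [u8; 2],
    pub reserves: [u128; 2], // balance the pair holds for each side
    pub total_share: u128,   // outstanding LP shares
}

impl Pair {
    /// Guarded variant: asset metadata may change only while the pair is empty.
    pub fn admin_configure(&mut self, sender: &str,
        asset_infos: Option<[AssetInfo; 2]>,
        asset_decimals: Option<[u8; 2]>) -> Result<(), ConfigError> {
        if sender != self.fee_collector {
            return Err(ConfigError::Unauthorized);
        }
        let changes_assets = asset_infos.is_some() || asset_decimals.is_some();
        // Check balances as well as LP shares: tokens sent directly to the
        // pair are deposits too, even when no shares were minted for them.
        let has_deposits = self.total_share != 0 || self.reserves.iter().any(|r| *r != 0);
        if changes_assets && has_deposits {
            return Err(ConfigError::PairHasDeposits);
        }
        if let Some(infos) = asset_infos { self.asset_infos = infos; }
        if let Some(decimals) = asset_decimals { self.asset_decimals = decimals; }
        Ok(())
    }
}

/// Constructed sample pair; the denom and token names are made up.
pub fn sample_pair(reserves: [u128; 2], total_share: u128) -> Pair {
    let infos = [AssetInfo::NativeToken("inj".into()), AssetInfo::Token("token_a".into())];
    Pair { fee_collector: "fee_collector".into(), asset_infos: infos,
           asset_decimals: [18, 6], reserves, total_share }
}

fn main() {
    let mut funded = sample_pair([1_000, 2_000], 500);
    let swapped = [AssetInfo::Token("token_b".into()), AssetInfo::Token("token_a".into())];
    // Prints Err(PairHasDeposits): the funded pair keeps its asset_infos.
    println!("{:?}", funded.admin_configure("fee_collector", Some(swapped), None));
}
```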
Remediation
This issue has been acknowledged by Dojoswap Labs, PTE, and a fix was implemented in commit ce55f60d.
The patch removes the AdminConfigure message and admin_configure function from dojoswap_pair.