Description

The admin_configure function permits the FEE_COLLECTOR address to set the asset_infos and asset_decimals of the pair arbitrarily. By setting one side of asset_infos to a worthless token that an attacker mints, an attacker can swap their worthless token to drain the deposits for the side that was left unmodified. This process can then symmetrically be used with the other side of the pair to drain its deposits as well.

Impact

If the keys for the FEE_COLLECTOR address are stolen, or if the FEE_COLLECTOR keys are misused, all the value stored in pair contracts can be drained.

Recommendations

Do not allow admin_configure to modify asset_infos or asset_decimals if there are any deposits for the pair on either side.

Remediation

This issue has been acknowledged by Dojoswap Labs, PTE, and a fix was implemented in commit ce55f60d↗.

The patch removes the AdminConfigure message and admin_configure function from dojoswap_pair.