Category: Coding Mistakes
Launchpad's migrate sets the contract to the current version and not the target version
Informational Severity
Informational Impact
N/A Likelihood
Description
The function migrate_version
is responsible for migrating the contract; however, it treats the target_contract_version
as the version in the past (that the migration is away from) and the version
as the version to migrate to.
pub fn migrate_version(
deps: DepsMut,
target_contract_version: &str,
name: &str,
version: &str,
) -> StdResult<()> {
...
if prev_version.version != target_contract_version {
return Err(StdError::generic_err(format!(
"invalid contract version. target {}, but source is {}",
target_contract_version, prev_version.version
)));
}
set_contract_version(deps.storage, name, version)?;
Ok(())
}
const CONTRACT_NAME: &str = "crates.io:launchpad";
const CONTRACT_VERSION: &str = env!("CARGO_PKG_VERSION");
const TARGET_CONTRACT_VERSION: &str = "0.1.2";
pub fn migrate(deps: DepsMut, _env: Env, _msg: MigrateMsg) -> Result<Response, ContractError> {
migrate_version(
deps,
TARGET_CONTRACT_VERSION,
CONTRACT_NAME,
CONTRACT_VERSION,
)?;
Ok(Response::default())
}
Impact
The misnaming of source and target may lead to mistakes when updating the contract for deployment, costing gas for failed migrations.
Recommendations
Rename TARGET_CONTRACT_VERSION
to EXPECTED_PREVIOUS_CONTRACT_VERSION
in launchpad, and rename target_contract_version
to previous_contract_version
and version
to updated_contract_version
in migrate_version
.
Remediation
This issue has been acknowledged by Dojoswap Labs, PTE, and a fix was implemented in commit ce55f60d↗.