Category: Coding Mistakes
Final withdraw sends tokens to itself
Low Severity
Low Impact
Low Likelihood
Description
At the end of final_withdraw, the code comment states that the offering tokens are sent to the admin, but the message actually sends the final offering to the contract itself.
// Transfer offering tokens to admin
if offer_amount > Uint128::zero() {
    messages.push(CosmosMsg::Wasm(WasmMsg::Execute {
        contract_addr: state.offering_token.to_string(),
        msg: to_json_binary(&Cw20ExecuteMsg::Transfer {
            recipient: env.contract.address.to_string(),
            amount: offer_amount,
        })?,
        funds: vec![],
    }));
}
Impact
The raised offering tokens are not sent to the correct destination.
Recommendations
Ensure the offering tokens are sent to the correct destination.
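One way to enforce this recommendation in a unit test, as an added example that is not part of the audited code base: a check over the handler's outgoing transfers that fails on a self-transfer or any recipient other than the expected one. The types, the function names and the addresses "ido_contract", "offering_token" and "admin" are simplified stand-ins assumed for illustration, not cosmwasm_std types or values from the project.

```rust
// Stand-in type (assumption): a simplified model of the CW20 transfer
// message that a handler like final_withdraw emits.
#[derive(Debug, PartialEq)]
struct Cw20Transfer {
    token_contract: String,
    recipient: String,
    amount: u128,
}

#[derive(Debug, PartialEq)]
enum RecipientError {
    SelfTransfer { index: usize },
    UnexpectedRecipient { index: usize, recipient: String },
}

/// Every non-zero transfer of `token` must go to `admin` and never to `contract`.
/// Returns the number of offering-token transfers that were checked.
fn check_offering_recipients(
    msgs: &[Cw20Transfer], token: &str, contract: &str, admin: &str,
) -> Result<usize, RecipientError> {
    let mut checked = 0;
    for (index, m) in msgs.iter().enumerate() {
        if m.token_contract != token || m.amount == 0 {
            continue; // transfers of other tokens are out of scope here
        }
        if m.recipient == contract {
            return Err(RecipientError::SelfTransfer { index });
        }
        if m.recipient != admin {
            let recipient = m.recipient.clone();
            return Err(RecipientError::UnexpectedRecipient { index, recipient });
        }
        checked += 1;
    }
    Ok(checked)
}

// Constructed sample: one offering-token transfer to the given recipient.
fn sample(recipient: &str) -> Vec<Cw20Transfer> {
    vec![Cw20Transfer { token_contract: "offering_token".into(), recipient: recipient.into(), amount: 1_000 }]
}

fn main() {
    // "ido_contract" mirrors the self-transfer described above; "admin" is the intended recipient.
    for r in ["ido_contract", "admin"] {
        let res = check_offering_recipients(&sample(r), "offering_token", "ido_contract", "admin");
        println!("{}: {:?}", r, res);
    }
}
```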
Remediation
This issue has been acknowledged by Dojoswap Labs, PTE, and a fix was implemented in commit ce55f60d.
The relevant section of the patch is:
messages.push(CosmosMsg::Wasm(WasmMsg::Execute {
contract_addr: state.offering_token.to_string(),
msg: to_json_binary(&Cw20ExecuteMsg::Transfer {
- recipient: env.contract.address.to_string(),
+ recipient: info.sender.to_string(),
amount: offer_amount,
})?,
funds: vec![],
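Review bot: On the added recipient: info.sender.to_string() line, the destination becomes whoever calls final_withdraw, which matches the "Transfer offering tokens to admin" intent only if the handler rejects non-admin senders before this point, and nothing in the visible lines shows that check. Confirm the admin check sits earlier in final_withdraw, or send to an admin address read from stored state (if the contract keeps one) so the recipient does not depend on the caller. A test asserting that the transfer recipient is the admin and never env.contract.address would keep this from regressing.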