Crate: launchpad

The launchpad contract implements a two-phase batch sale of tokens.

Function: instantiate

The instantiate function configures the initial state of the contract.

The instantiate message specifies the following:

  • An admin address that can call update_config (the admin address has no well-formedness checks)

  • A native token raising_denom, in which purchases are denominated

  • A CW20 token offering_token that the contract sells

  • A start_time and end_time, in seconds, between which the sale takes place

  • An amount raising_amount, the expected amount of raising_denom that must be met

  • An amount offering_amount of total offering_tokens to sell

The instantiate function verifies that end_time is after start_time, initializes the state from the above fields, additionally sets total_amount to zero and allow_claim to false, and persists the state.

Function: deposit

The deposit function processes deposits from purchasers of tokens.

It checks if all of the following hold:

  • The current block time is within the start and end time.

  • The deposit amount specified as part of the message is nonzero.

  • Exactly one coin type was transferred in by the message, and its denom matches the raising_denom.

It does not check that the deposit amount equals the amount in the message's funds; see Finding ref.

If all of the above hold, the per-user amount and total_amount are increased by the deposit amount and the state is updated.
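The deposit checks listed above, modelled in std-only Rust as an added example (this is not the launchpad's code and not part of the assessment). `Coin`, `Sale`, `DepositError` and both functions are hypothetical names, the time window is assumed to be inclusive, and the hardened variant adds the equality check between the declared amount and the funds that the report notes is absent.

```rust
// Added example: std-only model of the deposit checks; all names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum DepositError { SaleNotActive, ZeroAmount, WrongFunds, AmountMismatch }

pub struct Coin { pub denom: String, pub amount: u128 }

pub struct Sale { pub raising_denom: String, pub start_time: u64, pub end_time: u64 }

/// The three checks the report lists. Returns the amount that would be credited
/// to the per-user amount and total_amount.
pub fn checks_as_described(sale: &Sale, now: u64, amount: u128, funds: &[Coin])
    -> Result<u128, DepositError>
{
    // Assumption: "within" is inclusive of both bounds.
    if now < sale.start_time || now > sale.end_time {
        return Err(DepositError::SaleNotActive);
    }
    if amount == 0 {
        return Err(DepositError::ZeroAmount);
    }
    // Exactly one coin, and it must be the raising denom.
    match funds {
        [coin] if coin.denom == sale.raising_denom => Ok(amount),
        _ => Err(DepositError::WrongFunds),
    }
}

/// Same checks plus the missing one: the declared amount must equal the funds sent.
pub fn checks_hardened(sale: &Sale, now: u64, amount: u128, funds: &[Coin])
    -> Result<u128, DepositError>
{
    checks_as_described(sale, now, amount, funds)?;
    // Safe to index: the call above guarantees exactly one coin.
    if funds[0].amount != amount {
        return Err(DepositError::AmountMismatch);
    }
    Ok(amount)
}

fn main() {
    // Constructed input: the message declares 1_000 but carries 1 unit of "uraise".
    let sale = Sale { raising_denom: "uraise".into(), start_time: 100, end_time: 200 };
    let funds = [Coin { denom: "uraise".into(), amount: 1 }];
    println!("as described: {:?}", checks_as_described(&sale, 150, 1_000, &funds));
    println!("hardened:     {:?}", checks_hardened(&sale, 150, 1_000, &funds));
}
```

An alternative hardening is to drop the declared amount from the message and credit the amount read from the funds directly.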

Function: harvest

The harvest function allows purchasers of tokens to obtain their share of the offering tokens.

It checks if all of the following hold:

  • The current block time is strictly after the end time.

  • The user deposited a nonzero amount.

  • The user has not already called harvest (tracked by the claimed field).

  • The state's allow_claim field is true.

If all of the above hold, the amounts of the offering_token and refund of the raising_denom are calculated.

If the raising_amount was met,

  • The user gets (amount / total_amount) * offering_amount of the offering_token.

  • The user gets amount - (raising_amount * amount / total_amount) of the raising_denom as a refund.

If the raising_amount was not met,

  • The user gets (amount / total_amount) * (offering_amount / raising_amount) of the offering_token.

  • The user gets no refund of the raising_denom.

It transfers the relevant amounts of the offering_token and raising_denom to the user and sets their claimed flag in the state.

Function: update_config

The update_config function allows the admin address to update any of the following: raising_denom, offering_token, offering_amount, start_time, and end_time.

It enforces that the message sender is the admin address (but see Finding ref), that start_time is not after end_time, and that no user has called deposit yet (via checking total_amount).

Function: final_withdraw

The final_withdraw function allows the admin address to withdraw any remaining offering_tokens as well as the raising_denoms.

It enforces that the message sender is the admin address (but see Finding ref) and that the specified withdrawal amounts are less than or equal to the contract's balance of the relevant tokens; if the amounts are nonzero, it sends the raised_denom value to the message sender and the offering tokens to the launchpad contract itself. See Finding ref.

Function: flip_allow_claim

The flip_allow_claim function allows the admin address to negate the global allow_claim field. No user is able to harvest until this is called.

It enforces that the message sender is the admin address (but see Finding ref) and then persists the negation of allow_claim to the state.

Functions: migrate / migrate_version

The migrate function calls migrate_version with constants TARGET_CONTRACT_VERSION, CONTRACT_NAME, and CONTRACT_VERSION.

The migrate_version function parses the current contract's name and version, and it requires that the current name matches the provided name and that the current version matches the provided target version. If both match, it sets the contract's version to the provided version. See Finding ref.

Zellic © 2025