Phoenix-Protocol-Group / phoenix-contracts

Source code of the smart contracts of the Phoenix DeFi hub DEX protocol
GNU General Public License v3.0

[V-PHX-VUL-027] LP token’s metadata is too simple #222

Closed gangov closed 6 months ago

gangov commented 7 months ago

file: contracts/pool/src/contract.rs
location: initialize

In the initialize function on the pool contract the code also deploys the lp token contract and then initializes it. One of the parameters when initializing the lp token contract is the metadata:

```rust
token_contract::Client::new(&env, &share_token_address).initialize(
    // admin
    &env.current_contract_address(),
    // number of decimals on the share token
    &share_token_decimals,
    // name
    &"Pool Share Token".into_val(&env),
    // symbol
    &"POOL".into_val(&env),
);
```

Code snippet from the initialize function. It initializes the lp token contract.

We can see that the metadata’s name and symbol are hard-coded to Pool Share Token and POOL, instead of depending on the reserve tokens of the pool.

Impact: All the lp tokens will have the same metadata.

Recommendation: Include information about tokenA and tokenB in the name and symbol of the lp token.
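
One way to follow the recommendation above, as an added example that is not part of the original issue or the project's code: it builds the LP token's name and symbol from the two reserve tokens' symbols. It is plain std Rust rather than soroban_sdk, and `sanitize_symbol`, `lp_metadata`, `LpMetadata`, `MAX_SYMBOL_PART` and the output formats are assumptions made for this illustration.

```rust
// Added illustration: plain std Rust, no soroban_sdk; all names here are hypothetical.
const MAX_SYMBOL_PART: usize = 12; // assumed cap per reserve-token symbol

/// Keep only ASCII alphanumerics from a reserve token's self-reported symbol,
/// bound its length and upper-case it. A token contract can return any string,
/// so the value is treated as untrusted input before it reaches LP metadata.
fn sanitize_symbol(raw: &str) -> Option<String> {
    let cleaned = raw
        .chars()
        .filter(|c| c.is_ascii_alphanumeric())
        .take(MAX_SYMBOL_PART)
        .collect::<String>()
        .to_ascii_uppercase();
    if cleaned.is_empty() { None } else { Some(cleaned) }
}

/// Name and symbol for the LP token of one pool.
#[derive(Debug, PartialEq)]
struct LpMetadata {
    name: String,
    symbol: String,
}

/// Build LP metadata from the pool's token A and token B symbols, in that
/// order, so each pair gets metadata that names its own reserves.
fn lp_metadata(symbol_a: &str, symbol_b: &str) -> Option<LpMetadata> {
    let a = sanitize_symbol(symbol_a)?;
    let b = sanitize_symbol(symbol_b)?;
    Some(LpMetadata {
        name: format!("Pool Share Token {}/{}", a, b),
        symbol: format!("{}-{}-POOL", a, b),
    })
}

fn main() {
    // Constructed sample symbols, not taken from any deployed pool.
    for &(a, b) in [("XLM", "USDC"), ("usdc ", "EURC"), ("\u{200b}", "XLM")].iter() {
        match lp_metadata(a, b) {
            Some(m) => println!("{} | {}", m.name, m.symbol),
            None => println!("rejected: {:?} / {:?}", a, b),
        }
    }
}
```

Reserve-token symbols are self-reported and not unique, so the derived strings are a display aid; the LP token's contract address remains its identifier.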