As we can see, this function does not have any kind of protection
Attack Scenario:
Anyone can call the initialize function and change LPFactory, SwapTwoPoolDeployer, SwapThreePoolDeployer and admin variable, taking control of the contract
By taking control of the contract, the attacker can manipulate the functions createSwapPaircreateThreePoolPair, addPairInfo and transferAdminship
Github username: -- Twitter username: -- Submission hash (on-chain): 0xe9912b85d135bce406561a14feed9538a2948e21d927bf1c83ee23fa3b02c13f Severity: high
Description: Description:
The StableSwapFactory contract can be reinitialize any time by anyone using the function
initialize
:As we can see, this function does not have any kind of protection
Attack Scenario:
Anyone can call the
initialize
function and changeLPFactory
,SwapTwoPoolDeployer
,SwapThreePoolDeployer
andadmin
variable, taking control of the contractBy taking control of the contract, the attacker can manipulate the functions
createSwapPair
createThreePoolPair
,addPairInfo
andtransferAdminship
Recommendation:
Use an initialize pattern as in the
StableSwapThreePool
andStableSwapTwoPool
contracts or implement the [OpenZeppelin] pattern (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/49cd64565aafa5b8f6863bf60a30ef015861614c/contracts/proxy/utils/Initializable.sol#L104-L132)