Soroswap.Finance Docs
  • Welcome 👋🏼
    • What is Soroswap Finance?
    • Getting Started
      • Wallet Setup and Connection
      • How to Swap
      • Provide Liquidity
      • How the Aggregator Works
  • Concepts
    • AMM
    • Liquidity Pools
    • Swap
    • Fees
    • Slippage
    • Router
    • SDEX
    • Aggregator
    • Trustlines
    • Advanced Topics
      • Pricing
      • Understanding Returns
      • Security
      • Research
  • Soroswap AMM (DEX)
    • How Soroswap AMM works
    • Ecosystem Participants
    • Audits
    • Technical Reference
      • Smart contracts
        • SoroswapPair
        • SoroswapFactory
        • SoroswapRouter
        • SoroswapLibrary
      • Deployed Addresses
      • Error Codes
      • Using Soroswap with TypeScript
      • Smart Contract Integration
      • Deploy Soroswap Yourself
        • Setup your environment.
        • Experiment the Pair contract
        • Experiment the Factory Contract.
        • Deployments.
        • Using the Soroswap Testnet
    • Glossary
  • Soroswap Aggregator
    • Supported AMMs
    • Audits
    • Technical Reference
      • How Soroswap Aggregator works
      • Design
      • Technical Overview
      • Aggregator Operation
      • Smart Contracts
        • SoroswapAggregator
        • Adapter Trait
        • SoroswapAdapter
      • Inspirations
        • 1inch
      • Other AMMs in Soroban
        • Phoenix
    • Disclaimer
  • Swap Route API
  • Soroswap Info
  • Tutorials
    • Installing Freighter
    • Soroswap sections
    • Adding Liquidity
    • Doing Swap
    • Remove Liquidity
    • Using Stellar Classic Assets
      • Wrapping Stellar Classic Assets
      • Swap Stellar Classic Assets
      • Test Stellar Classic Assets
    • Bridge using Pendulum
    • Conclusions
  • Partnerships
    • Collaboration with Mercury and SubQuery
    • Business Partnerships
  • Support & Resources
    • About Us
    • General FAQ
    • Additional Resources
Powered by GitBook
On this page
  • Risk Description:
  • User Guidance:
Edit on GitHub
  1. Soroswap Aggregator

Disclaimer

PreviousPhoenixNextSwap Route API

Last updated 8 months ago

The Aggregator protocol interacts with various subcontracts through Adapter contracts and directly with exchange protocols. It is important to note that some of these protocols may upgrade their WebAssembly (WASM) code. While upgrades can bring new features and improvements, they also pose potential risks, including the introduction of malicious code. Similarly, tokens themselves can be upgraded or may contain malicious code, especially when dealing with unknown or unverified assets.

Risk Description:

When using the Aggregator, transactions transitively call multiple subcontracts. If the signature of a transaction passes the require_auth checks at each level, the called contracts can fully manipulate the signer's funds. This means that if a protocol the Aggregator accesses or a token being traded is upgraded to malicious code, there is a risk that a transaction could lead to the loss of some or all of the signer's funds, even if it passes the minimum or maximum checks on dynamic assets (e.g., swap_exact_tokens_for_tokens).

User Guidance:

  • Inspect Contracts and Tokens: Users should carefully inspect and understand the footprint and authorization payloads of each contract call within a transaction, as well as the nature and history of the tokens being traded.

  • Understand the Risk: We acknowledge that not every user may have the technical knowledge to discern when a transaction might have malicious effects. Therefore, we recommend users educate themselves on the potential risks involved with protocol upgrades, subcontract calls, and token interactions.

  • Educational Resources: For more information on understanding contract interactions, token risks, and the dangers associated with protocol and token upgrades, please refer to the following .

By using the Aggregator, you acknowledge the potential risks associated with subcontract calls, protocol upgrades, and token interactions. Please use this service responsibly and remain vigilant when interacting with any smart contracts and tokens.

resources