The contract grants maximum possible allowances (type(uint256).max) of LinkToken and SDLToken to the _router. This practice can lead to catastrophic consequences if the _router is compromised. Attackers could exploit this unlimited access to drain funds from the contract.
Code snippets:
A compromised _router could drain the entire contract's holdings of LinkToken and SDLToken.
Manual Review
Modify the code to approve only the exact amounts of tokens required for specific transactions.
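One way to apply this recommendation, as an added sketch that is not the audited project's code: the contract approves only the amount a single call needs and clears any leftover allowance afterwards. The names ScopedApprovalSender, IRouterLike and send are hypothetical, and the token is assumed to return a bool from approve as standard ERC-20 tokens do.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. All contract and interface names here are hypothetical.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical router: pulls `amount` of `token` from the caller via transferFrom.
interface IRouterLike {
    function send(address token, uint256 amount) external;
}

contract ScopedApprovalSender {
    IERC20 public immutable token;
    IRouterLike public immutable router;
    address public immutable owner;

    constructor(IERC20 _token, IRouterLike _router) {
        token = _token;
        router = _router;
        owner = msg.sender;
        // The pattern the finding describes is deliberately NOT used here:
        // token.approve(address(_router), type(uint256).max);
    }

    function sendThroughRouter(uint256 amount) external {
        require(msg.sender == owner, "not owner");

        // Grant exactly what this call needs, nothing more.
        require(token.approve(address(router), amount), "approve failed");

        router.send(address(token), amount);

        // If the router consumed less than `amount`, revoke the remainder
        // so no standing allowance outlives this transaction.
        if (token.allowance(address(this), address(router)) != 0) {
            require(token.approve(address(router), 0), "revoke failed");
        }
    }
}
```

With this pattern a compromised router can take at most the amount approved for a call in progress, not the contract's whole balance.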