Submission Details
Severity: low
Valid

Previous router will have max approval of underlying forever

Summary

A router that was used previously and has since been changed will keep its max approval of the underlying tokens forever.

Vulnerability Details

The router address is set in the constructor and given max approval of the underlying tokens. When the admin wants to change the router address, the admin calls `setRouter`, which gives max approval to the new router.

Here the approval of the old router is not set to 0, which can be problematic if the old router does malicious things. It is safe to set the approval to 0 for the old router.

Impact

The old router can get all of the underlying tokens.

Tools Used

Manual review

Recommendations

The protocol must reset the approval to 0 when the router is changed.
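A sketch of the recommended change, added here as an illustration and not taken from the audited code base: only `setRouter` is named in the finding, while the contract name, state variables, errors and the `_approve` helper are assumptions. The unpatched pattern is kept as a comment for comparison.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed for this illustration.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical contract: every name other than setRouter is an assumption.
contract RouterHolder {
    IERC20 public underlying;
    address public router;
    address public admin;

    error NotAdmin();
    error ZeroAddress();
    error ApproveFailed();

    constructor(IERC20 _underlying, address _router) {
        if (_router == address(0)) revert ZeroAddress();
        underlying = _underlying;
        router = _router;
        admin = msg.sender;
        _approve(_router, type(uint256).max);
    }

    // Pattern described in the finding: the old router keeps its allowance.
    // function setRouter(address newRouter) external {
    //     router = newRouter;
    //     underlying.approve(newRouter, type(uint256).max);
    // }

    // Hardened: revoke the old allowance before granting the new one.
    function setRouter(address newRouter) external {
        if (msg.sender != admin) revert NotAdmin();
        if (newRouter == address(0)) revert ZeroAddress();
        address oldRouter = router;
        if (newRouter == oldRouter) return; // nothing to rotate
        _approve(oldRouter, 0);             // old router can no longer pull tokens
        router = newRouter;
        _approve(newRouter, type(uint256).max);
    }

    function _approve(address spender, uint256 amount) private {
        if (!underlying.approve(spender, amount)) revert ApproveFailed();
    }
}
```

Tokens whose `approve` returns no value will revert against this interface; OpenZeppelin's `SafeERC20.forceApprove` covers that case. A test for the fix should assert that `allowance(holder, oldRouter)` is 0 after `setRouter` returns.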

Updates

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Old router approval is not revoked after an update

