When the setRouter() function is used to update the router in the StrategyMainnet contract, the old router retains its unlimited token approval. This oversight can lead to significant risk if the old router is later compromised or misused, because it keeps the ability to transfer all approved underlying tokens out of the strategy.
When the router is changed via setRouter(), the old router's token approval is not reset to zero. This leaves a residual risk: the old router retains access to the strategy's funds indefinitely.
If the old router is exploited, all approved underlying tokens could be drained from the strategy.
manual
Ensure the setRouter() function revokes the old router's approval (sets its allowance to zero) before setting and approving the new one.
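The pattern described above, as an added illustration that is not StrategyMainnet's own code: the vulnerable setRouter() beside a hardened one that revokes the old router's allowance first. The state variable names (underlying, router, owner), the RouterChanged event and the minimal IERC20 interface are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed here (assumed, not the project's own interface).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Before: the old router keeps its unlimited allowance after the swap.
contract StrategyVulnerable {
    IERC20 public immutable underlying;   // assumed name
    address public router;                // assumed name
    address public owner;                 // assumed name

    constructor(IERC20 _underlying, address _router) {
        underlying = _underlying; router = _router; owner = msg.sender;
        require(_underlying.approve(_router, type(uint256).max), "approve failed");
    }

    function setRouter(address newRouter) external {
        require(msg.sender == owner, "not owner");
        router = newRouter;
        require(underlying.approve(newRouter, type(uint256).max), "approve failed");
        // Bug: allowance(address(this), oldRouter) is still type(uint256).max.
    }
}

// After: zero the old router's allowance before approving the new one.
contract StrategyFixed {
    IERC20 public immutable underlying;
    address public router;
    address public owner;
    event RouterChanged(address indexed oldRouter, address indexed newRouter); // assumed

    constructor(IERC20 _underlying, address _router) {
        underlying = _underlying; router = _router; owner = msg.sender;
        require(_underlying.approve(_router, type(uint256).max), "approve failed");
    }

    function setRouter(address newRouter) external {
        require(msg.sender == owner, "not owner");
        require(newRouter != address(0) && newRouter != router, "bad router");
        address oldRouter = router;
        // Revoke first. Resetting to zero also satisfies tokens such as USDT that
        // revert on a non-zero -> non-zero approve.
        require(underlying.approve(oldRouter, 0), "revoke failed");
        router = newRouter;
        require(underlying.approve(newRouter, type(uint256).max), "approve failed");
        emit RouterChanged(oldRouter, newRouter);
    }
}
```

A unit test for the fix should assert that `underlying.allowance(strategy, oldRouter)` is zero immediately after `setRouter()` and that the new router's allowance is the maximum.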