Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks
Summary
This audit report provides an assessment of the contract containing the hardcoded router address for token swaps. The The hardcoded router address can cause issues when deployed on networks where this address does not correspond to the appropriate router. In such cases, tokens may become locked in the protocol indefinitely, preventing withdrawals and potentially leading to financial losses.
Vulnerability Details
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyOp.sol#L36
Impact
The presence of the hardcoded router address can lead to token lockup issues when the contract is deployed on networks with a non-standard router. Tokens sent to the contract for swapping purposes may not be routed correctly, potentially resulting in funds being locked in the protocol forever. This can result in users losing access to their tokens and can have severe financial consequences for affected users and the protocol.
Tools Used
Recommendations
address public swapRouter;
function setSwapRouter(address _newRouter) public onlyOwner {
require(_newRouter != address(0), "Invalid router address");
swapRouter = ISwapRouter(_newRouter);
}
Appeal created
Cannot Set A New Router In `StrategyMainnet.sol`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.