Unrevoked Token Approval for Old Router
Summary
The setRouter function in the StrategyOp contract allows the contract’s management to update the address of the router used for token swaps. However, the current implementation only approves the new router, without explicitly revoking approval for the old router. This can lead to a security vulnerability where the previous router address could still be able to spend tokens.
Vulnerability Details
The setRouter function updates the router address and approves the new router to spend the underlying token using safeApprove. However, it does not revoke the approval for the old router. In the current implementation, there is no mechanism to revoke the old router’s approval when a new one is set. This leaves the previous router address with the ability to spend unlimited tokens, potentially resulting in unauthorized token transfers or security exploits.
Impact
The old router can still call safeApprove or other methods to withdraw or spend tokens, resulting in potential loss or misappropriation of funds.
Attackers or unauthorized entities could take advantage of the lingering approval for the old router, potentially draining funds.
Tools Used
Recommendations
Appeal created
Old router approval is not revoked after an update
Old router approval is not revoked after an update
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.