Approval not set to 0 to Old router before New router is set
Summary
The approve function in the strategy contract allows for an unlimited allowance (type(uint256).max) to a new router when switching to it. However, the approval for the old router is not revoked, leaving the old router with maximum approval. This creates an over-allowance vulnerability where unauthorized or unintended actions can exploit the old router's residual approval.
Vulnerability Details
The function does not revoke allowances for the old router when transitioning to a new one.
The first Router address and the Second both will have type(uint256).max approve.
Impact
Unnecessary approve for old router which leaves every old router with max approve.
Tools Used
Solidit:
Defi / General / SOL-Defi-General-6 Does the protocol revert on maximum approval to prevent over-allowance? Setting high allowances can make funds vulnerable to abuse; protocols sometimes set max to prevent this risk. Consider implementing a revert on approval functions when an unnecessarily high allowance is set.
Recommendations
Revoke Old Router Approval: Introduce logic to explicitly reset the allowance of the old router to zero (
underlying.safeApprove(oldRouter, 0)) before assigning maximum approval to the new router.
Appeal created
Old router approval is not revoked after an update
Old router approval is not revoked after an update
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.