DeFiFoundrySolidity
16,653 OP
View results
Submission Details
Severity: low
Invalid

Hardcoded router addresses in strategy initialization

Both StrategyOp and StrategyArb contracts have hardcoded router addresses in their initialization functions:

function _initStrategy() internal {
router = 0xa062aE8A9c5e11aaA026fc2670B0D65cCc8B2858; // for StrategyOp
// or
router = 0xAAA87963EFeB6f7E0a2711F397663105Acb1805e; // for StrategyArb
underlying.safeApprove(address(router), type(uint256).max);
}

While these can be updated later using setRouter, hardcoding addresses makes deployment across different networks or testing environments more difficult and prone to errors.

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyArb.sol#L36

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L38

Updates

Appeal created

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.