Looking at `StrategyOp.sol`, the `setRouter` function doesn't handle old approvals when changing routers:
The `setRouter` function in `StrategyOp.sol` allows changing the DEX router without revoking previous approvals or recovering potentially stuck tokens, creating a risk of permanent token loss during router migrations.
The vulnerability stems from incomplete router migration handling in StrategyOp.sol. When management changes the router address, the function fails to revoke existing approvals from the previous router, maintains no verification of potentially stuck tokens in the old router contract, and lacks any built-in mechanism to recover those tokens. This creates a compound security risk where multiple routers retain spending permissions while tokens could become permanently locked in deprecated router contracts.
Tokens stuck in the old router become unrecoverable.
Manual review.
Implement approval revocation for the old router.
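A sketch of the recommended revocation, added here as an example and not the project's own code. The original `setRouter` is not shown on this page, so the contract name, the `asset` token, the `management` role, the unlimited allowance and the event are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed for the example.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Hypothetical stand-in for the strategy; every name here is illustrative.
contract RouterMigrationExample {
    IERC20 public immutable asset;        // token swapped through the router (assumed)
    address public immutable management;  // role allowed to change the router (assumed)
    address public router;

    event RouterUpdated(address indexed oldRouter, address indexed newRouter);

    constructor(IERC20 _asset, address _router) {
        require(_router != address(0), "zero router");
        asset = _asset;
        management = msg.sender;
        router = _router;
        // Assumed setup: the strategy grants its router an unlimited allowance.
        require(_asset.approve(_router, type(uint256).max), "approve failed");
    }

    function setRouter(address newRouter) external {
        require(msg.sender == management, "!management");
        require(newRouter != address(0), "zero router");
        address oldRouter = router;
        require(newRouter != oldRouter, "same router");

        // Revoke the previous router's allowance before switching, so only
        // one router can spend the strategy's tokens at any time.
        // Tokens that return no bool need a safe-approve wrapper instead.
        require(asset.approve(oldRouter, 0), "revoke failed");
        router = newRouter;
        require(asset.approve(newRouter, type(uint256).max), "approve failed");

        // Post-condition: the old router retains no spending permission.
        assert(asset.allowance(address(this), oldRouter) == 0);
        emit RouterUpdated(oldRouter, newRouter);
    }
}
```

The emitted event gives monitoring a single record of each migration to compare against the on-chain allowances of both routers.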