All three strategies use the **router**, which swaps one token for another; in this case, the underlying to asset. The strategy contracts initialise the router and grant it an approval from the strategy contract. For example:
**StrategyOp.sol** - `underlying.safeApprove(router, type(uint256).max);`
After some time, for any reason, the management can replace the router with a new one, along with a fresh approval, by calling the function **setRouter**. The issue is that the approval to the old router is not removed or reset.
The router is set with approval in initStrategy().
The old router is removed and a new one is set with a fresh approval by calling the setRouter function.
There are many reasons why a router is replaced. Let's look at a couple of situations in which a router can be replaced.
For enhanced functionality.
When the old router turns malicious.
Usage of the old router would not be beneficial and could cause a backdoor issue.
In the case of malicious behaviour, the approval set by the strategy contract would be used to move the funds unexpectedly.
Manual review.
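One way to close the gap described above, as an added example that is not the audited project's code: `setRouter` revokes the old router's allowance before approving the new one. The contract name, the `management` check and the `RouterUpdated` event are assumptions; `safeApprove` is taken from OpenZeppelin 4.x `SafeERC20`, matching the call quoted from StrategyOp.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Illustrative contract, not the audited strategy. The names RouterRotation,
// management and RouterUpdated are assumptions made for this example.
contract RouterRotation {
    using SafeERC20 for IERC20;

    IERC20 public immutable underlying;
    address public immutable management;
    address public router;

    event RouterUpdated(address indexed oldRouter, address indexed newRouter);

    constructor(IERC20 _underlying, address _router, address _management) {
        require(_router != address(0) && _management != address(0), "zero address");
        underlying = _underlying;
        management = _management;
        router = _router;
        // Same pattern as the finding: unlimited allowance for the router.
        _underlying.safeApprove(_router, type(uint256).max);
    }

    function setRouter(address newRouter) external {
        require(msg.sender == management, "not management");
        require(newRouter != address(0), "zero address");
        address oldRouter = router;
        require(newRouter != oldRouter, "same router");

        // Revoke first, so the replaced router can no longer call
        // transferFrom against the strategy's underlying balance.
        underlying.safeApprove(oldRouter, 0);

        router = newRouter;
        // safeApprove accepts a non-zero value only when the current allowance
        // is zero, which holds for a router that has never been approved or
        // was revoked by an earlier rotation.
        underlying.safeApprove(newRouter, type(uint256).max);

        emit RouterUpdated(oldRouter, newRouter);
    }
}
```

After a rotation, `underlying.allowance(address(strategy), oldRouter)` should read zero; a non-zero value there is the condition this finding reports.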