Missing setRouter Functionality in StrategyMainnet.sol
Vulnerability Details:
The StrategyMainnet.sol contract lacks a setRouter function that allows management to update the Curve Router address. This functionality is critical for ensuring adaptability to potential upgrades or changes in the Curve Router contract.
A similar functionality is already implemented in the StrategyOp.sol and StrategyArb.sol contract, but it is notably absent in StrategyMainnet.sol.
Impact
The Curve Router address is a pivotal dependency for the StrategyMainnet.sol contract, as it is utilized for routing swaps. However, the absence of a mechanism to update this address introduces the following risks:
Lack of Upgradeability: In case of a Curve Router upgrade or migration to a new address, the contract cannot adapt, potentially leading to disruptions in its functionality.
Operational Risk: If the Curve Router becomes compromised, the inability to update its address could expose the strategy to security vulnerabilities or operational failures.
Tools Used
Manual Review
Recommendations
Implement a setRouter functionality as implemented in other contracts: StrategyOp.sol and StrategyArb.so
In the StrategyMainnet.sol you can add the below function or something similar to this:
Appeal created
Cannot Set A New Router In `StrategyMainnet.sol`
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.