The setRouter function is designed to update the router address used for swapping WETH (Wrapped Ether) to alETH.
The setRouter function allows a new router address to be set and approves the router to spend an unlimited amount of the underlying asset. However, the previous router, which is likely compromised or no longer in use, does not have its approval revoked, which allows for malicious usage.
Recall that the previous router was initially approved for type(uint256).max. Approving type(uint256).max is a common practice in DeFi, but it does pose a risk if the router is compromised or behaves maliciously.
If the previous router was compromised or is no longer intended to be used, leaving the approval as it was poses a serious risk.
Manual
Modify the function as follows:
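One way to apply this recommendation, as an added example rather than the submission's or the project's own code: a setRouter that sets the old router's allowance to zero before granting the new one. The contract name, the `owner`, `underlying` and `router` state variables, the access check and the event are assumptions, and the underlying token is assumed to be WETH-like (its `approve` returns a bool).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed for this example.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical contract: every name except setRouter is an assumption.
contract RouterConfigSketch {
    address public immutable owner;
    IERC20 public immutable underlying; // assumed to be WETH
    address public router;

    event RouterUpdated(address indexed previousRouter, address indexed newRouter);

    constructor(IERC20 _underlying, address _router) {
        require(_router != address(0), "router is zero");
        owner = msg.sender;
        underlying = _underlying;
        router = _router;
        // Initial unlimited approval, as described in the finding.
        require(_underlying.approve(_router, type(uint256).max), "approve failed");
    }

    function setRouter(address newRouter) external {
        require(msg.sender == owner, "not owner");
        require(newRouter != address(0), "router is zero");

        address previous = router;
        if (previous != newRouter) {
            // Revoke the old router's allowance so it can no longer
            // pull the underlying asset from this contract.
            require(underlying.approve(previous, 0), "revoke failed");
        }

        router = newRouter;
        require(underlying.approve(newRouter, type(uint256).max), "approve failed");
        emit RouterUpdated(previous, newRouter);
    }
}
```

Emitting the previous and new router addresses gives monitoring a record of each change, and the old router's allowance can be confirmed as zero by calling `allowance` on the token after the update.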