DeFiFoundrySolidity
16,653 OP
Submission Details
Severity: low
Valid

Approval Persists on Router Change

Description

When setRouter is called, the strategy grants an unlimited (type(uint256).max) allowance to the new router but never resets the allowance to the old router. Consequently, the outdated router retains an unlimited allowance even after it is no longer in use.

Impact: High

  1. Unbounded Token Drains:
    A compromised or malicious old router can continue to transfer tokens at will, leading to potential large-scale token theft.

  2. Expanded Attack Surface:
    Over time, multiple routers may accumulate max approvals, increasing the vulnerability footprint.

  3. Protocol Funds at Risk:
    If an attacker controls any one previously approved router, they can drain the strategy’s underlying tokens.


Evidence from Code

    function setRouter(address _router) external onlyManagement {
        router = _router;
        underlying.safeApprove(router, type(uint256).max);
        // The old router's allowance is never revoked
    }

Here, the old router’s type(uint256).max approval remains in place indefinitely.

Attack Scenario

  1. Router Compromise:

    • The old router is compromised after setRouter updates the contract to a new router address.

  2. Retained Allowance:

    • The compromised router still has type(uint256).max approval from the strategy contract.

  3. Token Drain:

    • The attacker calls transferFrom repeatedly on the strategy’s underlying tokens to drain its balance.


Recommended Mitigation

  1. Revoke Old Allowances Before Update

    function setRouter(address _router) external onlyManagement {
        // Revoke allowance from the current router
        underlying.safeApprove(router, 0);
        // Set the new router
        router = _router;
        // Grant a new allowance
        underlying.safeApprove(router, type(uint256).max);
    }
  2. Consider a Timelock or Access Control

    • Adding a waiting period before finalizing a router change allows the community or team to vet the new router contract and detect potential malicious activity in time.

  3. Whitelist / Registry of Trusted Routers

    • Restrict which addresses can be set as router to a predetermined set of verified, safe contracts.
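The three mitigations above (revoke before update, restrict who may be set as router) can be checked with a regression test. The following Foundry test is an added example written for this report, not code from the audited protocol or the original submission. It assumes a minimal constructed token (MockToken, using plain approve in place of safeApprove), a hypothetical RouterStrategy that keeps only the router logic from the finding plus an allowedRouters registry, and the forge-std Test harness; the contract and variable names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed ERC20 stand-in: only the approve / allowance / transferFrom
// surface the test needs. Not the audited protocol's token.
contract MockToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "insufficient allowance");
        require(balanceOf[from] >= amount, "insufficient balance");
        if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical strategy holding only the router-related logic from the finding.
// `management` and `allowedRouters` are assumptions for this example.
contract RouterStrategy {
    MockToken public immutable underlying;
    address public management;
    address public router;
    mapping(address => bool) public allowedRouters; // trusted-router registry

    modifier onlyManagement() { require(msg.sender == management, "!management"); _; }

    constructor(MockToken _underlying, address _router) {
        underlying = _underlying;
        management = msg.sender;
        allowedRouters[_router] = true;
        router = _router;
        underlying.approve(_router, type(uint256).max);
    }

    function setAllowedRouter(address _router, bool allowed) external onlyManagement {
        allowedRouters[_router] = allowed;
    }

    // Hardened version: check the registry, revoke the outgoing router's
    // allowance, then grant the new one. The vulnerable original executed
    // only the last two statements.
    function setRouter(address _router) external onlyManagement {
        require(allowedRouters[_router], "router not whitelisted");
        underlying.approve(router, 0);                   // revoke old
        router = _router;
        underlying.approve(_router, type(uint256).max);  // grant new
    }
}

contract RouterApprovalTest is Test {
    MockToken token;
    RouterStrategy strategy;
    address oldRouter = makeAddr("oldRouter");
    address newRouter = makeAddr("newRouter");

    function setUp() public {
        token = new MockToken();
        strategy = new RouterStrategy(token, oldRouter);
        token.mint(address(strategy), 1_000e18);
        strategy.setAllowedRouter(newRouter, true);
    }

    function testOldRouterAllowanceIsRevoked() public {
        assertEq(token.allowance(address(strategy), oldRouter), type(uint256).max);
        strategy.setRouter(newRouter);
        assertEq(token.allowance(address(strategy), oldRouter), 0);
        assertEq(token.allowance(address(strategy), newRouter), type(uint256).max);

        // The outgoing router can no longer move the strategy's funds.
        vm.prank(oldRouter);
        vm.expectRevert(bytes("insufficient allowance"));
        token.transferFrom(address(strategy), oldRouter, 1e18);
    }

    function testUnlistedRouterRejected() public {
        address rogue = makeAddr("rogue");
        vm.expectRevert(bytes("router not whitelisted"));
        strategy.setRouter(rogue);
    }
}
```

Run with forge test. The first test is the one that fails against the original setRouter, since the old router's allowance stays at type(uint256).max after the update; the second covers the registry check from mitigation 3. A timelock (mitigation 2) would be tested the same way, by asserting that setRouter reverts before the delay has elapsed.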


Conclusion

By neglecting to reset the allowance on the old router, the strategy leaves itself exposed to a high-severity risk: a malicious or compromised router can remain approved for unlimited transfers. Implementing an explicit allowance revocation procedure before switching to a new router helps prevent unauthorized token movement and secures user funds.

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Old router approval is not revoked after an update
