DeFiFoundrySolidity
16,653 OP
Submission Details
Severity: low
Valid

Approval not revoked when changing router

Summary

The strategy's unlimited approval to the router persists after the router address is changed, so the old router keeps its spending allowance on the underlying token.

Vulnerability Details

The strategy initialization sets an initial router address and grants it unlimited approval (`type(uint256).max`) to spend the underlying token:

function _initStrategy() internal {
    router = 0xa062aE8A9c5e11aaA026fc2670B0D65cCc8B2858;
@>  underlying.safeApprove(address(router), type(uint256).max);
}

However, when a new router address is set, the function does not revoke the previous router's approval before granting unlimited approval to the new one:

function setRouter(address _router) external onlyManagement {
    router = _router;
    underlying.safeApprove(router, type(uint256).max);
}
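The following Foundry test is an added example, not code from the submission or from the audited project. It reproduces both states described in this finding: a `StrategyStub` (hypothetical, modelled on the snippets above) whose `setRouter` either keeps the vulnerable behaviour or revokes the old allowance first, and a minimal `MockToken` so the test runs without external dependencies. Plain `approve` stands in for `SafeERC20.safeApprove`; the allowance bookkeeping that matters here is identical. It assumes forge-std is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Minimal ERC20 subset: only the allowance bookkeeping this finding depends on.
interface IERC20Min {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed mock token; not a real deployment.
contract MockToken is IERC20Min {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public override allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external override returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= amount, "insufficient allowance");
        if (allowed != type(uint256).max) allowance[from][msg.sender] = allowed - amount;
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical strategy stub mirroring the finding. `revokeOnChange` selects the
// vulnerable (false) or recommended (true) behaviour of setRouter.
contract StrategyStub {
    IERC20Min public immutable underlying;
    address public router;
    address public immutable management;
    bool public immutable revokeOnChange;

    constructor(IERC20Min _underlying, address _initialRouter, bool _revokeOnChange) {
        underlying = _underlying;
        management = msg.sender;
        revokeOnChange = _revokeOnChange;
        router = _initialRouter;
        underlying.approve(router, type(uint256).max); // as in _initStrategy()
    }

    function setRouter(address _router) external {
        require(msg.sender == management, "!management");
        if (revokeOnChange) underlying.approve(router, 0); // the recommended extra line
        router = _router;
        underlying.approve(router, type(uint256).max);
    }
}

contract RouterApprovalTest is Test {
    MockToken token;
    address oldRouter = makeAddr("oldRouter");
    address newRouter = makeAddr("newRouter");

    function setUp() public {
        token = new MockToken();
    }

    // Vulnerable variant: the replaced router keeps its unlimited allowance.
    function testOldRouterKeepsAllowance() public {
        StrategyStub s = new StrategyStub(token, oldRouter, false);
        token.mint(address(s), 1_000e18);
        s.setRouter(newRouter);

        assertEq(token.allowance(address(s), oldRouter), type(uint256).max);
        assertEq(token.allowance(address(s), newRouter), type(uint256).max);

        // The stale allowance is still spendable, which is the stated impact.
        vm.prank(oldRouter);
        token.transferFrom(address(s), oldRouter, 1_000e18);
        assertEq(token.balanceOf(address(s)), 0);
    }

    // Recommended variant: the old allowance is zero and transferFrom reverts.
    function testRevokedRouterCannotSpend() public {
        StrategyStub s = new StrategyStub(token, oldRouter, true);
        token.mint(address(s), 1_000e18);
        s.setRouter(newRouter);

        assertEq(token.allowance(address(s), oldRouter), 0);
        assertEq(token.allowance(address(s), newRouter), type(uint256).max);

        vm.prank(oldRouter);
        vm.expectRevert(bytes("insufficient allowance"));
        token.transferFrom(address(s), oldRouter, 1);
    }
}
```

Run it with `forge test --match-contract RouterApprovalTest`. The first test is the check a reviewer would run against the unpatched strategy; the second is the regression test that should accompany the fix, so that a future refactor that reorders the revoke and the assignment is caught immediately.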

Impact

The old router retains an unlimited allowance and can still transfer the strategy's entire underlying token balance.

Tools Used

Manual Review

Recommendations

function setRouter(address _router) external onlyManagement {
+ underlying.safeApprove(router, 0);
router = _router;
underlying.safeApprove(router, type(uint256).max);
}
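Review bot: the added `underlying.safeApprove(router, 0);` is correctly placed before `router = _router;`, since it must read the old address; what the hunk still lacks is a check that the new address is usable, so add `require(_router != address(0), "zero router");` at the top of the function, and consider emitting an event for the router change so the allowance move is observable off-chain.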
Updates

Appeal created

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Old router approval is not revoked after an update