Stale-approval exposure on deprecated router

Frax Finance's assessment for RD-F-168 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Frax has deprecated Fraxswap V1 Router (0x1c6ca5dee) and Multihop V2 Router (0x25e9aca5). Legacy AMO contracts (dozens) may have user approvals outstanding from 2021-2023. No active allowance scan conducted. Protocol's migration from FRAX v1 to v3 did not include documented user-approval revoke guidance found publicly. Stale approvals to deprecated routers represent an ongoing hygiene risk.

Sources #

Etherscan
Fraxswap Router V1 | EtherscanFraxswap Router V1 0x1c6ca5dee — legacy contract still on-chain; users may have outstanding approvalsretrieved 2026-05-17
Internal
00-profile.md §3 DeploymentsProfile §3 — Fraxswap Router V1 0x1c6ca5dee and Multihop V2 Router 0x25e9aca5 exist as secondary/deprecated surfacesretrieved 2026-05-17

Methodology #

Count the number of active user approvals (ERC-20 `allowance`) to deprecated router or protocol contracts.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-168 score yellow collected_at 2026-05-16 20:44:31