Stale-approval exposure on deprecated router

SUNSwap (sun.io)'s assessment for RD-F-168 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Smart Router has deprecated prior addresses (docs.sun.io lists deprecated router addresses). September 2024 upgrade created a fresh deprecated surface (prior router address). Users who approved prior routers still have active unlimited approvals. No explicit revoke notice found in sunio.zendesk.com announcements. This is a post-deploy hygiene failure: protocol did not publish a revoke-notice or emit off-ramp events for deprecated router approvals.

Sources #

URL
SUN.io Smart Router docs — deprecated addressesdocs.sun.io Smart Router: deprecated addresses also listedretrieved 2026-05-17
URL
SUN Support: Smart Router upgrade — no revoke noticesunio.zendesk.com Sep 2024 Smart Router upgrade: no revoke notice publishedretrieved 2026-05-17

Methodology #

Count the number of active user approvals (ERC-20 `allowance`) to deprecated router or protocol contracts.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sunswap factor RD-F-168 score yellow collected_at 2026-05-17 14:37:31