Stale-approval exposure on deprecated router
Assessment of Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap — for factor RD-F-168, scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
RouteProcessor2 exploit (Apr 2023) prompted urgent calls for users to revoke approvals. Sushi set up a revoke portal (sushi.com/swap/approvals) and advised use of revoke.cash. The RP2 contract (0x044b75f554b886A065b9567891e45c79542d7357) remains deployed and non-revocable at contract level — only users can individually revoke. Two years post-exploit, a subset of users likely still have outstanding approvals. Protocol mitigation was advisory only; no automatic revocation or approval expiry mechanism was deployed. Documented hygiene gap.
Sources
- Etherscan: "SushiSwap: Route Processor 2" — RouteProcessor2 contract still deployed at 0x044b75... on Ethereum (retrieved 2026-05-17)
- Sushi FAQ: "How to Revoke Transaction Approvals" — how to revoke approvals; revoke portal at sushi.com/swap/approvals (retrieved 2026-05-17)
- Sushi: "RouteProcessor2 Post Mortem" — post-mortem states it is 'not possible to revoke access for users'; recommended revoke.cash (retrieved 2026-05-17)
Methodology
Count the number of active user approvals (non-zero ERC-20 `allowance` values) granted to deprecated router or protocol contracts.
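As an added example (not part of this assessment and not Sushi's own tooling), the Python below shows the mechanics behind that count: it hand-encodes the ERC-20 `allowance(address,address)` call, decodes the returned `uint256`, keeps only the non-zero results for the RP2 address quoted above, and separates unlimited from bounded approvals. It also builds the `approve(spender, 0)` calldata that is the only way an allowance can be cleared, which is why the protocol could not revoke on users' behalf. The token and owner addresses are constructed placeholders, and `stub_eth_call` stands in for a JSON-RPC `eth_call`; the four-byte selectors are the standard ones for those two function signatures.

```python
"""Count outstanding ERC-20 allowances granted to a deprecated router.

Added example: the provider is a stub returning constructed values; in
practice `eth_call` would be a real JSON-RPC client.
"""
from typing import Callable, Dict, List, Tuple

# First 4 bytes of keccak256 of the canonical signature (standard selectors).
ALLOWANCE_SELECTOR = bytes.fromhex("dd62ed3e")  # allowance(address,address)
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")    # approve(address,uint256)

RP2 = "0x044b75f554b886A065b9567891e45c79542d7357"  # deprecated RouteProcessor2 (from the page)
MAX_UINT256 = (1 << 256) - 1                         # the usual "infinite" approval value

EthCall = Callable[[str, bytes], bytes]  # (to, calldata) -> return data


def _addr_word(addr: str) -> bytes:
    """ABI-encode a 20-byte address as a left-padded 32-byte word."""
    raw = bytes.fromhex(addr[2:] if addr[:2].lower() == "0x" else addr)
    if len(raw) != 20:
        raise ValueError(f"not a 20-byte address: {addr}")
    return raw.rjust(32, b"\x00")


def allowance_calldata(owner: str, spender: str) -> bytes:
    """Calldata for allowance(owner, spender): 4-byte selector + two address words."""
    return ALLOWANCE_SELECTOR + _addr_word(owner) + _addr_word(spender)


def revoke_calldata(spender: str) -> bytes:
    """Calldata for approve(spender, 0); only the token owner can send this."""
    return APPROVE_SELECTOR + _addr_word(spender) + (0).to_bytes(32, "big")


def decode_uint256(ret: bytes) -> int:
    """Decode the single uint256 word an ERC-20 view call returns."""
    if len(ret) < 32:
        raise ValueError("short return data (reverted call or non-ERC-20 contract?)")
    return int.from_bytes(ret[:32], "big")


def count_stale_approvals(eth_call: EthCall, token: str, owners: List[str],
                          spender: str = RP2) -> List[Tuple[str, int]]:
    """Return (owner, amount) for every owner whose allowance to `spender` is non-zero."""
    stale: List[Tuple[str, int]] = []
    for owner in owners:
        amount = decode_uint256(eth_call(token, allowance_calldata(owner, spender)))
        if amount > 0:
            stale.append((owner, amount))
    return stale


def summarize(stale: List[Tuple[str, int]]) -> Dict[str, int]:
    """Split live approvals into unlimited (MAX_UINT256) and bounded amounts."""
    unlimited = sum(1 for _, amt in stale if amt == MAX_UINT256)
    return {"unlimited": unlimited, "bounded": len(stale) - unlimited}


# --- constructed sample data and a stub provider (not real chain state) ---
TOKEN = "0x" + "aa" * 20
OWNERS = ["0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20]
CONSTRUCTED_ALLOWANCES = {
    (TOKEN, OWNERS[0]): MAX_UINT256,  # infinite approval never revoked
    (TOKEN, OWNERS[1]): 0,            # already cleared with approve(RP2, 0)
    (TOKEN, OWNERS[2]): 5 * 10**18,   # bounded, but still live
}


def stub_eth_call(to: str, data: bytes) -> bytes:
    """Answer allowance() calls from the constructed table; mimics eth_call return data."""
    if data[:4] != ALLOWANCE_SELECTOR:
        raise ValueError("stub only answers allowance() calls")
    owner = "0x" + data[16:36].hex()    # low 20 bytes of the first word
    spender = "0x" + data[48:68].hex()  # low 20 bytes of the second word
    if spender != RP2.lower():
        return (0).to_bytes(32, "big")
    return CONSTRUCTED_ALLOWANCES.get((to, owner), 0).to_bytes(32, "big")


if __name__ == "__main__":
    live = count_stale_approvals(stub_eth_call, TOKEN, OWNERS)
    for owner, amt in live:
        kind = "unlimited" if amt == MAX_UINT256 else str(amt)
        print(f"{owner} still allows RP2 to spend {kind}; revoke tx data: {revoke_calldata(RP2).hex()}")
    print(summarize(live))
```

In practice the owner list comes from historical `Approval` events where the spender is the deprecated contract, and the same allowance check is re-run per token against current state; the number of non-zero results is the factor's count.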