Impossible Finance
Impossible Finance uses decentralised financial protocols to give everyone the same access to financial products, which were previously only available to institutions and select individuals. Impossible Finance has a vision to level the playing field by building a fair, more accessible open financial system for all.
PoC required
The ImpossibleRouter01.sol smart contract is considered as out-of-scope of the bug bounty program.
Please note that the current settings in the repository are optimized for running our test cases. These settings include changing the duration of “ONE_DAY” to 50 binance smart chain blocks (as opposed to 28800) and commenting out require statements in modifiers such as onlyGovernance in ImpossiblePair.sol and setRouter in ImpossibleFactory.sol. Specifically, we are aware that with these settings, if a router is not initialized upon contract deployment, an adversary can call setRouter and link a malicious router which takes advantage of how cheapSwap in ImpossiblePair.sol doesn’t perform K invariant checks. The scope of the bug bounty covers the “production version” of these contracts in which the 3 variables are uncommented instead of commented.