20,000 USDC
Submission Details
Severity: low
Valid

Pausable Tokens

Summary

Some tokens may be pausable, making the protocol unusable.

Vulnerability Details

If the collateralToken or loanToken a pool is initialized with is a pausable token, for example WBTC, and that token is paused, the protocol will not function normally. Nothing indicates that loanToken or collateralToken cannot be pausable tokens, as any ERC20 can be used to initialize a pool.

Impact

Medium: If the token is paused, transfers of tokens into and out of the protocol are not possible, which impacts the ability to deposit, to pay back, to move loans, and all other functionality that depends on transfer, transferFrom, etc.

The links added have cases where transfer and transferFrom take place, such that functions in Lender.sol such as setPool(), addPool(), removePool(), borrow(), repay(), giveLoan(), buyLoan() and refinance() don't work, leaving the protocol unable to function.

Tools Used

Manual Analysis

Recommendations

It may be ideal to whitelist allowed tokens for loanToken and collateralToken, and not to allow callback or hook tokens such as ERC777 and ERC1363.
It may be ideal to have safeguard measures in the protocol, e.g. emergency patterns that can be activated to protect the protocol in the event of issues beyond its control, such as a token used in the protocol being paused.
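
One way to combine both recommendations, as an added sketch that is not code from the audited Lender.sol: a mixin with an owner-managed token allowlist and an emergency stop. The contract name `TokenGuard` and every function, modifier, event and error in it are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; not the audited Lender.sol. All names here are hypothetical.
abstract contract TokenGuard {
    address public owner;
    bool public emergencyStopped;
    mapping(address => bool) public allowedToken;

    event TokenAllowed(address indexed token, bool allowed);
    event EmergencyStop(bool stopped);

    error NotOwner();
    error TokenNotAllowed(address token);
    error Stopped();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Gate for entry points that open new exposure (new pools, new borrows).
    modifier whenNotStopped() {
        if (emergencyStopped) revert Stopped();
        _;
    }

    // Reject pools whose loan or collateral token was never reviewed.
    modifier onlyAllowedPair(address loanToken, address collateralToken) {
        if (!allowedToken[loanToken]) revert TokenNotAllowed(loanToken);
        if (!allowedToken[collateralToken]) revert TokenNotAllowed(collateralToken);
        _;
    }

    // Owner reviews each token (pausable? transfer hooks?) before listing it.
    function setTokenAllowed(address token, bool allowed) external onlyOwner {
        allowedToken[token] = allowed;
        emit TokenAllowed(token, allowed);
    }

    // Flipped when an allowed token is paused or otherwise misbehaves.
    function setEmergencyStop(bool stopped) external onlyOwner {
        emergencyStopped = stopped;
        emit EmergencyStop(stopped);
    }
}
```

A pool-creation function in an inheriting contract would carry `whenNotStopped onlyAllowedPair(loanToken, collateralToken)`. The stop only prevents new exposure: it cannot make a paused token transferable, and removing a token from the allowlist does not affect pools already created with it.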
