20,000 USDC
Submission Details
Severity: medium

Problem Tokens, e.g. Blacklist Tokens - Need Whitelist

Summary

There is no whitelist of tokens

Vulnerability Details

It is better to whitelist a set of tokens within the code from the get-go, as this helps prevent the problems caused by the following types of tokens:

  1. Avoid scam coins, shitcoins, and pretender coins, e.g. a fake coin named USDC that a seller may be fooled by.

  2. Avoid tokens that can be controlled, e.g. ERC1400 permissioned addresses, ERC1644 forced transfers.

Impact

Medium

  1. Scam coins can be used, knowingly or unknowingly, as loanTokens or collateralTokens in pools.

  2. With controlled tokens, funds of the borrower or lender may be taken out, their account may be blacklisted, or their balances may be changed. This makes the protocol not work, as transfers from borrowers or lenders cannot happen.

  3. Profits from such tokens can't be swapped to WETH to get fees for Staking, so staking no longer has fees to support it.

Tools Used

Manual Analysis

Recommendations

It is recommended that scam coins and controlled coins not be allowed, e.g.
It is recommended that the contracts have a set of whitelisted coins acceptable to all parties or generally accepted as good.
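
One way to implement the recommended whitelist, as an added example that is not code from the audited contracts: an owner-managed allowlist keyed by token address, checked for both `loanToken` and `collateralToken` when a pool is created. The contract names, the `Pool` struct layout, and the `setPool` and `setAllowed` functions are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration: owner-managed token allowlist.
/// All names here are hypothetical, not taken from the audited code.
contract TokenAllowlist {
    address public owner;
    mapping(address => bool) public isAllowed;

    event TokenAllowed(address indexed token, bool allowed);

    error NotOwner();
    error ZeroAddress();
    error TokenNotAllowed(address token);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// Allowlist by contract address, never by name or symbol: a fake "USDC"
    /// can copy both, but it cannot share the genuine token's address.
    function setAllowed(address token, bool allowed) external onlyOwner {
        if (token == address(0)) revert ZeroAddress();
        isAllowed[token] = allowed;
        emit TokenAllowed(token, allowed);
    }

    function _requireAllowed(address token) internal view {
        if (!isAllowed[token]) revert TokenNotAllowed(token);
    }
}

contract AllowlistedLender is TokenAllowlist {
    struct Pool { address lender; address loanToken; address collateralToken; }
    mapping(bytes32 => Pool) public pools;

    /// Both sides of the pool must be allowlisted before it can be created.
    function setPool(address loanToken, address collateralToken) external returns (bytes32 id) {
        _requireAllowed(loanToken);
        _requireAllowed(collateralToken);
        id = keccak256(abi.encode(msg.sender, loanToken, collateralToken));
        pools[id] = Pool(msg.sender, loanToken, collateralToken);
    }
}
```

In this sketch, removing a token from the allowlist only blocks new pools; pools already created with that token are not affected by the check.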
