Protocol only sets the whitelisted tokens only once and there is no updates capability
There is no way to add or remove tokens from whitelist
The protocol owner only whitelists tokens at the deployments of the ProxyFactory.sol and there is no capability to update these tokens. Although tokens will be whitelisted e.g preference major coins as stated in @NatSpec constructor "e.g. USDC, JPYCv1, JPYCv2, USDT, DAI" ProxyFactory.sol line 77 and 78 it seems preference is stablecoins and major coins without specific policies on what type fo features e.g risks these coins must have. There could still arise problems with one or few coins or stablecoins or coins that have been whitelisted. Consider one of many example cases below.
Owner could consider USDT best coin and deploy with only this token. However Tether as centralized coin can be blocked or stopped due to reserve issues, depeg, legal or regulatory issues implying this projects only whitelisted token is not capable of being used in the protocol
Owner could deploy project with only [USDT, DAI, USDC] but majority sponsors prefer JPYCv1, JPYCv2 so no one will send funds to the Proxies to support the projects rendering the protocol/project useless
High Impact - this renders the protocol useless as it can not be funded for contests/innovations or pay out the various supporters/winners.
Manual Analysis
It is recommended to ensure protocol makes use of as many good coins as possible for whitelist to mitigate risks
It is recommended to ensure coins are chosen not because they are major coins as stated in their notes but because they have low risks that ensure continuity of protocol and project.
It is recommended to add access controlled owner only functionality to ProxyFactory.sol to add and remove tokens e.g
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.