Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Protocol won't work well with tokens that can prevent transfers

Summary

Although the protocol specifies that it whitelists tokens, there is no indication that it will prefer tokens that can't be blocked by the token's owners, admins, or central parties. Various tokens have the capability to stop the normal functioning of the token.

Vulnerability Details

Although tokens will be whitelisted, with a preference for major coins as stated in the constructor's NatSpec ("e.g. USDC, JPYCv1, JPYCv2, USDT, DAI", ProxyFactory.sol lines 77 and 78), the preference appears to be stablecoins and major coins, without specific policies on what features or risks these coins may have. Problems could still arise with one or a few of the whitelisted coins or stablecoins. Consider one of the many example cases below.

There are various tokens and token standards that allow transfers to be stopped, blocked, blacklisted, paused or disallowed. This means the protocol may function well with these tokens up until any of the above measures is activated (e.g. the token is paused or accounts are blacklisted), at which point transfers into and out of the protocol can no longer be performed.

Cases in point include the following:

  • USDT can blacklist addresses, so if the protocol contracts are blacklisted they can't transfer in funds, transfer out commissions, make payments to winners, etc. If winners are blacklisted they can't receive their payments.

  • Other tokens and token standards, such as ERC20Pausable, pausable tokens like WBTC, ERC1400 and Polymath-like tokens: this implies that in all the instances mentioned in the links provided, transfers will not function.

Impact

Medium - this renders the protocol incapable of being used, especially given that the whitelisted tokens can't be updated. If a single whitelisted token, e.g. USDT, blacklists the protocol, its contract addresses, winners, commission addresses, the STADIUM address, etc., transfers in and out in that token become impossible.

Tools Used

Manual Analysis

Recommendations

It is recommended that token whitelisting set clear policies to avoid tokens with blocking, pausing, blacklisting, stopping, limiting, transfer-denying or overpowered control features, even if they are stablecoins.
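One way to turn such a policy into a pre-whitelisting check is sketched below. It is an added example, not part of the original submission or the protocol's code: the name patterns are an assumed, non-exhaustive heuristic, `screen_token_abi` and `whitelist_decision` are hypothetical helpers, and both ABI fragments are constructed samples.

```python
import json
import re

# Assumed heuristic: name patterns that suggest issuer-side transfer controls.
# A clean result proves nothing on its own; for proxied or upgradeable tokens,
# screen the implementation ABI and review the upgrade authority manually.
CONTROL_PATTERNS = {
    "blacklist": re.compile(r"black.?list|block.?list|deny.?list", re.I),
    "pause": re.compile(r"pause", re.I),
    "freeze": re.compile(r"freez|frozen", re.I),
}

def screen_token_abi(abi_json):
    """Map each control category to the sorted ABI entry names that match it."""
    findings = {}
    for entry in json.loads(abi_json):
        if entry.get("type") not in ("function", "event"):
            continue
        name = entry.get("name", "")
        for category, pattern in CONTROL_PATTERNS.items():
            if pattern.search(name):
                findings.setdefault(category, set()).add(name)
    return {category: sorted(names) for category, names in findings.items()}

def whitelist_decision(abi_json):
    """Return ("review", findings) if any control surface is found, else ("pass", {})."""
    findings = screen_token_abi(abi_json)
    return ("review" if findings else "pass", findings)

# Constructed sample: ABI fragment modelled on a blacklistable, pausable stablecoin.
BLACKLISTABLE_ABI = json.dumps([
    {"type": "function", "name": "transfer"},
    {"type": "function", "name": "addBlackList"},
    {"type": "function", "name": "isBlackListed"},
    {"type": "function", "name": "pause"},
    {"type": "function", "name": "unpause"},
])

# Constructed sample: ABI fragment of a token exposing only basic ERC20 calls.
PLAIN_ABI = json.dumps([
    {"type": "function", "name": "transfer"},
    {"type": "function", "name": "approve"},
    {"type": "function", "name": "balanceOf"},
    {"type": "event", "name": "Transfer"},
])

if __name__ == "__main__":
    for label, abi in (("blacklistable", BLACKLISTABLE_ABI), ("plain", PLAIN_ABI)):
        print(label, whitelist_decision(abi))
```

A "review" result means the token needs an explicit risk decision before whitelisting, which matters here because the whitelist cannot be updated afterwards.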
