Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

No way to reset `whitelistedTokens` after deployment.

Summary

We set the list of whitelisted tokens when deploying the proxy contract, but we have no way to remove tokens from it or add new ones afterwards. If we add an owner-controlled setter function that lets the owner unlist already-listed tokens or add new ones, we are protected from the problems with the token types described below.

Upgradable Tokens

Some tokens (e.g. USDC, USDT) are upgradable, allowing the token owners to make arbitrary modifications to the logic of the token at any point in time.

A change to the token semantics can break any smart contract that depends on past behaviour.

Pausable Tokens

Some tokens can be paused by an admin (e.g. BNB, ZIL).

Similar to the issue above, an admin-controlled pause feature exposes users of the token to risk from a malicious or compromised token owner.

We should be able to remove already-whitelisted tokens if something like this happens, and we could also add support for new tokens.

Tools Used

Manual Review

Recommendations

We should be able to remove already-whitelisted tokens if something like this happens, and we could also add support for new tokens.
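
One way to implement the recommended owner-controlled setter, as an added sketch that is not code from the audited project. The contract name `WhitelistRegistry`, the function `setWhitelistedToken`, the event and the custom errors are hypothetical; only `whitelistedTokens` comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration only; all names except whitelistedTokens are hypothetical.
contract WhitelistRegistry {
    address public immutable owner;
    mapping(address => bool) public whitelistedTokens;

    /// Emitted on every change so off-chain monitoring can alert on it.
    event TokenWhitelistUpdated(address indexed token, bool allowed);

    error NotOwner();
    error ZeroAddress();
    error NoChange();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    /// The initial list is still fixed at deployment, as the finding describes.
    /// A duplicate entry in initialTokens reverts with NoChange.
    constructor(address[] memory initialTokens) {
        owner = msg.sender;
        for (uint256 i = 0; i < initialTokens.length; ++i) {
            _set(initialTokens[i], true);
        }
    }

    /// Lets the owner list a new token, or delist one whose behaviour
    /// changed (upgraded) or that has been paused by its admin.
    function setWhitelistedToken(address token, bool allowed) external onlyOwner {
        _set(token, allowed);
    }

    function _set(address token, bool allowed) private {
        if (token == address(0)) revert ZeroAddress();
        // Reject no-op calls so every emitted event reflects a real state change.
        if (whitelistedTokens[token] == allowed) revert NoChange();
        whitelistedTokens[token] = allowed;
        emit TokenWhitelistUpdated(token, allowed);
    }
}
```

The setter makes the owner key a trust point for every listed token, which is why each change emits an event that monitoring can watch.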
