Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
Submission Details
Severity: low
Valid

Lack of functionality to update `whitelisted` tokens in ProxyFactory

Summary

The ProxyFactory contract provides a mechanism to whitelist tokens during its construction. However, there is no functionality to add or remove tokens from this whitelist post-deployment. This can lead to potential issues in the future if there's a need to support more tokens or remove existing ones.

Vulnerability Details

The ProxyFactory contract initializes its whitelistedTokens mapping in the constructor. This mapping is used to keep track of tokens that are whitelisted. However, once the contract is deployed, there is no function provided that allows the owner to update this list. This means that:

  1. New tokens cannot be added to the whitelist.

  2. Existing tokens cannot be removed from the whitelist.

This rigidity can lead to potential challenges, especially if there's a need to support new tokens in the future or if a token previously whitelisted is compromised or no longer relevant.

Impact

Future Flexibility: The contract lacks the flexibility to adapt to changes in the token landscape. If there's a need to support a new token or remove an existing one, it would require deploying a new contract and migrating state/data, which can be cumbersome and potentially error-prone.

Operational Challenges: If a token that's whitelisted is compromised or has issues, there's no way to remove it from the whitelist, potentially leading to operational challenges.

Tools Used

Manual review.

Recommendations

Add Functionality to Update Whitelist: Implement functions that allow the owner (or another privileged role) to add or remove tokens from the whitelistedTokens mapping. Ensure that these functions emit events for transparency and auditing purposes.

diff --git a/src/ProxyFactory.sol b/src/ProxyFactory.sol
index c55c655..5b7bde2 100644
--- a/src/ProxyFactory.sol
+++ b/src/ProxyFactory.sol
@@ -92,6 +92,13 @@ contract ProxyFactory is Ownable, EIP712 {
////////////////////////////////////////////
/////// External & Public functions ////////
////////////////////////////////////////////
+
+ event SetWhitelistedToken(address token, bool isWhitelisted);
+ function setWhitelistedToken(address token, bool isWhitelisted) external onlyOwner {
+ whitelistedTokens[token] = isWhitelisted;
+ emit SetWhitelistedToken(token, isWhitelisted);
+ }
+
/**
* @notice Only owner can set contest's properties
* @notice close time must be less than 28 days from now
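
Review bot: `setWhitelistedToken` assigns `whitelistedTokens[token] = isWhitelisted` without rejecting `address(0)`, so a mistaken owner call can whitelist the zero address; add a zero-address check before the assignment. The `token` parameter of `SetWhitelistedToken` is not `indexed`, which makes it harder to filter logs per token for the auditing purpose the recommendation names; declaring it as `address indexed token` fixes that. The event is also declared inside the "External & Public functions" section and the new function has no NatSpec, unlike the function that follows it; move the event to the contract's event declarations and document the setter.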
