Sparkn

Summary

The ProxyFactory contract lacks the functionality to dynamically add or remove whitelisted tokens after deployment. The absence of this capability can lead to inflexible token management, making it difficult to accommodate new tokens or exclude unwanted tokens.

Vulnerability Details

The contract's constructor initializes the list of whitelisted tokens, but it doesn't provide any functions to modify this list after deployment. This limitation can result in outdated token support, inconvenience when adding or removing tokens, and a lack of flexibility in adapting to changes in token ecosystems.

Impact

Inflexible Token Management: The inability to update the list of whitelisted tokens can lead to inflexibility in token support, preventing the addition of new tokens or the removal of unwanted ones.

Stale Token Support: The contract might not be able to support newly popular or widely adopted tokens that emerge after deployment.

Inconvenience: Adding or removing whitelisted tokens would require deploying a new contract or employing workarounds, which can be inconvenient and inefficient.

Tools Used

Manual Audit

Recommendations

Implement functions to dynamically manage whitelisted tokens:

Add Whitelisted Token: Allow the contract owner to add tokens to the whitelist with proper input validation.

Remove Whitelisted Token: Enable the contract owner to remove tokens from the whitelist while performing necessary checks.