Moonwell

DeFiFoundry
15,000 USDC
Submission Details
Severity: medium
Invalid

Protocol may not work well with upgradeable tokens

Summary

If the relevant underlying tokens are upgradeable, a new implementation can change their behaviour in ways that break otherwise-correct protocol code, and there is no way to predict what such a change will bring.

Vulnerability Details

Consider the relevant tokens USDT and FRAX, which are upgradeable and whose implementations may change to:

  • become fee-on-transfer, or increase existing transfer fees

  • add blocklisting, blacklisting or pausing, possibly even blocking the Moonwell contract addresses

  • return false on transfer, return no value at all, or otherwise change the transfer semantics

    function repayBadDebtWithCash(uint256 amount) external nonReentrant {
        /// Checks and Effects
        badDebt = SafeMath.sub(badDebt, amount, "amount exceeds bad debt");
        EIP20Interface token = EIP20Interface(underlying);
        /// Interactions
        require(
            token.transferFrom(msg.sender, address(this), amount),
            "transfer in failed"
        );
        emit BadDebtRepayed(amount);
    }

Impact

Consider this assertion from the scope notes: "Non standard ERC20 token transferFrom does not return a boolean value and will cause Delegate Fixer to fail. This is out of scope as all mTokens that use Delegate Fixer underlying values return true on transferFrom."

If the tokens are upgraded to behave as described above, the cases originally asserted not to be a problem become problems: inability to transfer these tokens, inability to sweep them, functions always reverting, inability to cure the bad debt, etc.

Tools Used

Manual Analysis

Recommendations

It is recommended to monitor for upgrades of these tokens, to use safeTransferFrom instead of a raw transferFrom return-value check, and to move the proposal quickly before any upgrade lands. In future, consider maintaining a whitelist of allowed tokens that avoids upgradeable tokens.
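A hardened form of the repayment path, as an added example that is not Moonwell's code: it assumes OpenZeppelin's SafeERC20 (safeTransferFrom reverts on a false return and accepts a token that returns no value) and credits only the balance actually received, so an upgrade to fee-on-transfer cannot overstate the repayment. The contract name, function name and the minimal reentrancy guard are hypothetical and constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Example contract (hypothetical name, not part of the Moonwell code base).
contract BadDebtRepayer {
    using SafeERC20 for IERC20;

    address public immutable underlying;
    uint256 public badDebt;
    uint256 private _locked = 1; // minimal reentrancy guard, constructed for the example

    event BadDebtRepayed(uint256 amount);

    constructor(address underlying_, uint256 initialBadDebt) {
        underlying = underlying_;
        badDebt = initialBadDebt;
    }

    modifier nonReentrant() {
        require(_locked == 1, "reentrant");
        _locked = 2;
        _;
        _locked = 1;
    }

    /// Hypothetical hardened counterpart of repayBadDebtWithCash.
    function repayBadDebtWithCashSafe(uint256 amount) external nonReentrant {
        // Check up front so the caller cannot overpay; 0.8 math replaces SafeMath.
        require(amount <= badDebt, "amount exceeds bad debt");
        IERC20 token = IERC20(underlying);

        // Measure what actually arrives: if the token is later upgraded to take
        // a fee on transfer, only the received amount is credited to bad debt.
        uint256 before = token.balanceOf(address(this));
        // safeTransferFrom reverts when the token returns false and also
        // tolerates a token whose transferFrom returns nothing (USDT-style).
        token.safeTransferFrom(msg.sender, address(this), amount);
        uint256 received = token.balanceOf(address(this)) - before;

        // Effects after the interaction; the guard above makes this safe.
        badDebt -= received; // reverts on underflow if a token misbehaves
        emit BadDebtRepayed(received);
    }
}
```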

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
