[M-0] USDC has blacklist, upgradeable and pauseable features which might potentially disrupt the protocol
Summary
USDC is the choosen token of protocol for airdrop and has some features which might disrupt the protocol functionality.
Vulnerability Details and impact
USDC has the following features:
Blacklist: The blacklist feature of USDC allows its creators to freeze or block specific addresses for multiple reasons. If the contract address of the protocol or eligible users get added to the black list of USDC, any further interaction with USDC will be prevented and causes disruption in normal functionality of the protocol.
Pauseable: USDC can halt the transfer of tokens at anytime they consider it's needed and therefore this can cause disruption in any protocol which relies on their token.
Upgradeablity: At the end of the day, the creators of USDC can make any changes to the smart contract governing USDC, which might impose incompatibility to those protocols which rely on USDC.
Tools Used
Manual review
Recommendations
Use other tokens which don't have these features or the native coin of chain. If it's necessary to utilize USDC, it is advisable to consider and prepare for the features mentioned above, for example:
Adding a function to change the airdropping token, making your contract upgradeable, etc.
Lead Judging Commences
Invalid according to docs
https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.