Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

Users who get blacklisted by the token's governance cannot call `ZENO.redeem()`

Summary

Users who get blacklisted by the token's governance cannot call `ZENO.redeem()`.

Vulnerability Details

Smart contract withdrawal and redemption functions can encounter failures when dealing with centralized stablecoins, particularly if the transaction involves assets linked to blacklisted or blocked addresses.
When an address is blacklisted, any attempt to transfer these stablecoins from that address is automatically restricted at the protocol level, preventing the transaction from completing. Users may unexpectedly find themselves unable to access or move their funds due to external controls imposed by the stablecoin issuer.

In normal cases this has a low likelihood.
However, `MATURITY_DATE` is set to a year, as per the test file Integration.test.js:
https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/test/unit/Zeno/Integration.test.js#L67

A user could get blacklisted resulting in his funds being stuck.

Impact

This may lead to a loss of funds for the user.

Tools Used

Manual Review.

Recommendations

Allow users to redeem their ZENO tokens for other addresses.
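
A sketch of the recommendation, added here as an illustration and not taken from the RAAC ZENO source: a redemption that pays `msg.sender` beside a variant that pays a holder-chosen recipient. Every contract and function name is hypothetical, the recommendation is read as "let the holder name a payout address", and the mock stablecoin is assumed to reject transfers to or from a blocked address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Added illustration: every name here is hypothetical, not the RAAC ZENO source.

/// Stand-in for a centralized stablecoin whose issuer can block addresses.
contract MockBlacklistStable {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public blacklisted;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function setBlacklisted(address who, bool status) external { blacklisted[who] = status; }
    function transfer(address to, uint256 amount) external returns (bool) {
        // Issuer-level control: a transfer touching a blocked address reverts.
        require(!blacklisted[msg.sender] && !blacklisted[to], "blacklisted");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Simplified bond: internal balances redeem 1:1 for the stablecoin after maturity.
contract BondSketch {
    MockBlacklistStable public immutable stable;
    uint256 public immutable maturityDate;
    mapping(address => uint256) public bondBalance;

    constructor(MockBlacklistStable _stable, uint256 _maturityDate) {
        stable = _stable;
        maturityDate = _maturityDate;
    }

    // Unrestricted helper standing in for the purchase path (illustration only).
    function issue(address to, uint256 amount) external { bondBalance[to] += amount; }

    /// Pays msg.sender, so it reverts for as long as the holder is blacklisted.
    function redeem(uint256 amount) external { _redeem(msg.sender, amount); }

    /// Recommended variant: the holder burns their own balance and names the payee.
    function redeemTo(address recipient, uint256 amount) external {
        require(recipient != address(0), "zero recipient");
        _redeem(recipient, amount);
    }

    function _redeem(address recipient, uint256 amount) internal {
        require(block.timestamp >= maturityDate, "not matured");
        bondBalance[msg.sender] -= amount; // effects first; underflow reverts in 0.8
        require(stable.transfer(recipient, amount), "transfer failed");
    }
}
```

In this model a holder blacklisted by the stablecoin issuer can still call `redeemTo`, because the bond balance is internal accounting and only the stablecoin leg checks the blacklist.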

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
