The main protocol `BriVault` does not prohibit the use of `Weird ERC20` tokens, which may lead to unexpected issues.
The main protocol BriVault does not prohibit the use of Weird ERC20 tokens, which may lead to unexpected issues.
Description
The protocol exhibits the following core behaviors:
Users deposit funds and wait until the event concludes, after which winners claim their rewards.
These behaviors rely on the stability mechanism of the vault asset token to interact correctly with users.
However, the protocol does not explicitly prohibit the use of
Weird ERC20tokens as the vault asset token, which may trigger a series of related issues.
Risk
Likelihood:
Occurs only if the administrator carelessly selects a
Weird ERC20token as the vault asset token without thorough vetting.
Impact:
For example, Fee-on-Transfer or Rebase Tokens deduct fees or adjust balances during transfers, which may cause accounting inconsistencies.
For example, Pausable Tokens can be frozen under certain conditions, blocking user interactions with the protocol.
Other non-standard ERC20 behaviors may similarly disrupt expected protocol logic.
Proof of Concept
N/A
Recommended Mitigation
Explicitly state in the protocol documentation that the use of
Weird ERC20tokens as the vault asset token is strictly prohibited.(Optional enhancement) Consider implementing on-chain validation to reject known problematic token types during vault initialization.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.