code-423n4 / 2023-08-dopex-findings

Protocol won't work with tokens that can block or prevent transfers, e.g. Pausable, Blacklist, Blocking etc. #310

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV2LiquidityAmo.sol#L149
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV2LiquidityAmo.sol#L168
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV2LiquidityAmo.sol#L172
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV3LiquidityAmo.sol#L158
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV3LiquidityAmo.sol#L163
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV2LiquidityAmo.sol#L210
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV2LiquidityAmo.sol#L215
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV2LiquidityAmo.sol#L321
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/amo/UniV3LiquidityAmo.sol#L283
https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/perp-vault/PerpetualAtlanticVault.sol#L227

Vulnerability details

Impact

There are various tokens and token standards that can result in transfers being stopped, blocked, blacklisted, paused or disallowed. This entails that protocols may function well with these tokens up until a time when any of the above measures is activated, leading to an inability to perform transfers into and out of the protocol.

Proof of Concept

Tokens such as ERC20Pausable, pausable tokens like WBTC, ERC1400, Polymath-like tokens, and USDC, for which Circle can block certain addresses: this implies that all instances mentioned in the few links above, and many others not mentioned, with token transfers where the tokens can be in the described category (e.g. USDC) result in those function parts not being able to perform transfers if a block is activated on the tokens.

What's worse is that tokens with blacklisting capabilities may block the various contract addresses of the protocol, its admins, governance contracts etc., which renders them incapable of sending and receiving these tokens to function fully.

Tools Used

Manual Analysis

Recommended Mitigation Steps

It is recommended that such tokens be disallowed from being used with the protocol. Consider a whitelist of allowed tokens that excludes such tokens. Consider a policy to use the pause and unpause functionality if the tokens activate their blocking capabilities in instances that are detrimental to the protocol.

Assessed type

Other
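
One way to screen candidate tokens before adding them to the whitelist recommended in the report above, as an added example that is not part of the original report or the Dopex code base: a heuristic that flags pause and blocklist functions in a token's ABI. The ABIs, token labels and name patterns below are constructed assumptions, and the pattern list is not exhaustive.

```python
import json

# Heuristic name patterns (assumption, not exhaustive). Matching is done on
# lower-cased function names taken from the token's ABI.
PAUSE_NAMES = {"pause", "unpause", "paused"}
BLOCK_SUBSTRINGS = ("blacklist", "blocklist", "freeze", "frozen")


def classify_token(abi_json: str) -> set:
    """Return the transfer-blocking features suggested by a token ABI."""
    features = set()
    for entry in json.loads(abi_json):
        if entry.get("type") != "function":
            continue  # events such as Paused(address) are not callable controls
        name = entry.get("name", "").lower()
        if name in PAUSE_NAMES:
            features.add("pausable")
        if any(s in name for s in BLOCK_SUBSTRINGS):
            features.add("blocklist")
    return features


def screen_candidates(candidates: dict) -> dict:
    """Map each candidate label to its flagged features (empty set = eligible)."""
    return {label: classify_token(abi) for label, abi in candidates.items()}


def _abi(*functions, events=()):
    # Helper that builds a minimal constructed ABI from function/event names.
    items = [{"type": "function", "name": f} for f in functions]
    items += [{"type": "event", "name": e} for e in events]
    return json.dumps(items)


# Constructed sample ABIs (not taken from any deployed contract).
SAMPLES = {
    "PLAIN": _abi("transfer", "transferFrom", "balanceOf", events=("Transfer",)),
    "PAUSABLE": _abi("transfer", "pause", "unpause", "paused", events=("Paused",)),
    "BLOCKLIST": _abi("transfer", "blacklist", "isBlacklisted", "pause", "paused"),
}

if __name__ == "__main__":
    for label, flags in screen_candidates(SAMPLES).items():
        verdict = "eligible" if not flags else "review: " + ", ".join(sorted(flags))
        print(f"{label:10s} {verdict}")
```

For proxy-based tokens the screen has to run against the implementation ABI, and an upgradeable token can gain these functions after it was screened, so the result is an input to the whitelist decision rather than a guarantee.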

c4-pre-sort commented 1 year ago

bytes032 marked the issue as low quality report

bytes032 commented 1 year ago

Invalid

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Overinflated severity