Some tokens (e.g. USDC) have a contract level admin controlled blocklist. If admin sets address into a blocklist, the transfer from and to that address is forbidden.
Other tokens can be paused by admin (e.g BNB). When token is paused, it cannot be transferred.
User may not be able to call withdraw on such tokens, thus tokens will stuck in a contract.
When erc20UnderlyingAmount is paused, or contract's address appears on the blocklist - safeTransfer will always fail - thus withdrawing and burning principal token will not be possible.
Tools Used
Manual code review
Recommended Mitigation Steps
Make sure, that tokens with blocklist or pausable tokens are forbidden in the contract. Otherwise, they may stuck in the protocol.
Lines of code
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/DelegateToken.sol#L370-L375
Vulnerability details
Impact
Some tokens (e.g. USDC) have a contract level admin controlled blocklist. If admin sets address into a blocklist, the transfer from and to that address is forbidden. Other tokens can be paused by admin (e.g BNB). When token is paused, it cannot be transferred.
User may not be able to call
withdraw
on such tokens, thus tokens will stuck in a contract.Proof of Concept
File: src/DelegateToken.sol
When
erc20UnderlyingAmount
is paused, or contract's address appears on the blocklist -safeTransfer
will always fail - thus withdrawing and burning principal token will not be possible.Tools Used
Manual code review
Recommended Mitigation Steps
Make sure, that tokens with blocklist or pausable tokens are forbidden in the contract. Otherwise, they may stuck in the protocol.
Assessed type
ERC20