hats-finance / Velvet-Capital-0x0bb0c08fd9eeaf190064f4c66f11d18182961f77

Core smart contracts of Velvet Capital

Tokens can't be added to whitelist after initialisation #59

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x5f595ae8fc1d8a0b6fab8d9cc545ec6394773561cb044cc4f9dd17400fb1444f
Severity: medium

Description: The contract TokenWhitelistManagement.sol has a function __TokenWhitelistManagement_init that adds the token to the whitelisting array, but only during the initialisation, by calling the internal function _addTokensToWhitelist. However, there is no function that can be directly called to add more tokens to the whitelist whitelistedTokens[_token] mapping.

Attack Scenario: This is a flawed design. If you look at the UserWhitelistManagement.sol contract, the users are added via the function whitelistUser, but in TokenWhitelistManagement.sol this is only done while initialising the contract.

  1. Contract is initialised with let's say only 2 tokens
  2. Owner wants to add more tokens to whitelist
  3. He can't do that since there is no such function available after initialisation.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional) Add a function just like the implementation of UserWhitelistManagement.sol contract to add more tokens to whitelist.

langnavina97 commented 1 week ago

This is an intentional design choice. Asset managers select the tokens allowed for the portfolio during its creation to prevent unexpected events, such as asset managers rebalancing to self-created tokens or other tokens with high risk. Therefore, updating the token whitelist after initialization should not be possible.
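The init-only whitelist pattern discussed in this thread, as an added sketch that is not part of the issue and is not the Velvet Capital source. The names `whitelistedTokens` and `_addTokensToWhitelist` come from the report; the contract name, `init`, `requireWhitelisted` and the error names are hypothetical, and the sketch assumes `init` is called by the deployer in the deployment transaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Illustrative sketch only; not the project's contract.
contract InitOnlyTokenWhitelist {
    error AlreadyInitialized();
    error InvalidAddress();
    error TokenNotWhitelisted(address token);

    // Name taken from the report: token address => allowed in the portfolio.
    mapping(address => bool) public whitelistedTokens;

    // Minimal one-shot guard standing in for an upgradeable initializer.
    bool private _initialized;

    // The only external entry point that can reach _addTokensToWhitelist.
    // Assumption: the deployer or factory calls this at deployment,
    // so no third party can call it first.
    function init(address[] calldata tokens) external {
        if (_initialized) revert AlreadyInitialized();
        _initialized = true;
        _addTokensToWhitelist(tokens);
    }

    // Internal and referenced only from init(): once init() has run, no call
    // path can set another entry in whitelistedTokens, so the set is frozen.
    function _addTokensToWhitelist(address[] calldata tokens) internal {
        for (uint256 i = 0; i < tokens.length; i++) {
            if (tokens[i] == address(0)) revert InvalidAddress();
            whitelistedTokens[tokens[i]] = true;
        }
    }

    // Hypothetical guard for a rebalance path: a token outside the set chosen
    // at creation is rejected, which is the invariant the maintainer's reply
    // relies on.
    function requireWhitelisted(address token) public view {
        if (!whitelistedTokens[token]) revert TokenNotWhitelisted(token);
    }
}
```

When reviewing a contract built this way, the property to confirm is that every write to the whitelist mapping is reachable only from the initializer, and that the initializer cannot be invoked a second time.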