CreditFacade contains a list of contracts that have practices potentially detrimental to security, called
upgradeableContracts. Some of the examples of practices that would be grounds to inclusion are:
- Ability to upgrade the contract implementation
- Ability to make arbitrary calls (even restricted to admins)
- Ability to
Some of Gearbox's features are restricted to contracts that are not in the list.
The only current example is
CreditFacade.approve(), which allows a user to set arbitrary allowance from a Credit Account to a contract that is recognized in the system. It is dangerous to allow this function for upgradeable contracts, as a compromised contract's implementation can be changed to allow the attacker calling
transferFrom for arbitrary tokens, which would allow them to drain approved funds from Gearbox.
We anticipate that new restricted functions and features would be added as Gearbox grows.