Upgradeable contracts

CreditFacade contains a list of contracts that have practices potentially detrimental to security, called upgradeableContracts. Some of the examples of practices that would be grounds to inclusion are:

Ability to upgrade the contract implementation
Ability to make arbitrary calls (even restricted to admins)
Ability to transfer / transferFrom arbitrary tokens

Some of Gearbox's features are restricted to contracts that are not in the list.

The only current example is CreditFacade.approve(), which allows a user to set arbitrary allowance from a Credit Account to a contract that is recognized in the system. It is dangerous to allow this function for upgradeable contracts, as a compromised contract's implementation can be changed to allow the attacker calling transferFrom for arbitrary tokens, which would allow them to drain approved funds from Gearbox.

We anticipate that new restricted functions and features would be added as Gearbox grows.

Working with ETH Building