Using invalid Maker token address
Description
In the UiPoolDataProvider contract, the variable MKRAddress is used to check the address of the Maker token. But it is hardcoded.
contract UiPoolDataProvider is IUiPoolDataProvider {
using WadRayMath for uint256;
using ReserveConfiguration for DataTypes.ReserveConfigurationMap;
using UserConfiguration for DataTypes.UserConfigurationMap;
IChainlinkAggregator public immutable networkBaseTokenPriceInUsdProxyAggregator;
IChainlinkAggregator public immutable marketReferenceCurrencyPriceInUsdProxyAggregator;
uint256 public constant ETH_CURRENCY_UNIT = 1 ether;
address public constant MKRAddress = 0x9f8F72aA9304c8B593d555F12eF6589cC3A579A2;
// ...
function getReservesData(ILendingPoolAddressesProvider provider)
public
view
override
returns (AggregatedReserveData[] memory, BaseCurrencyInfo memory)
{
// ...
if (address(reserveData.underlyingAsset) == address(MKRAddress)) {
bytes32 symbol = IERC20DetailedBytes(reserveData.underlyingAsset).symbol();
reserveData.symbol = bytes32ToString(symbol);
} // ...Maker token is deployed on Ethereum Mainnet at 0x9f8F72aA9304c8B593d555F12eF6589cC3A579A2. But in Mode blockchain, it is not deployed.
So, if this protocol is deployed on Mode blockchain, it will not work as expected.
Impact
If Maker token is deployed at another address in Mode blockchain, the function getReservesData() will fail with revert because getReservesData() could not cast Maker's symbol bytes32 to string.
In this case, this protocol could not get reserves data about Maker tokens. This means the protocol could not support Maker tokens.
Recommendations
Use a Maker token address in Mode blockchain instead of an address in the Ethereum network.
Remediation
Molend Labs provided the following response:
MKR doesn't exist on Mode yet. We will keep it this way for now and update the address once it's deployed.