Category: Coding Mistakes

Missing yield-mode configuration on setPaymentToken

Low Severity
Low Impact
Medium Likelihood

Description

The Bfx contract holds customers' assets. Because WETH and USDB on Blast pay yield to users holding the token, Bfx also has a feature to claim this yield. Specifically, Bfx has a claimer role, which can trigger the claiming of the yield for the payment token. Accordingly, Bfx sets its own yield mode to CLAIMABLE in the constructor, which allows assets and yield to be managed separately.

However, if the payment token of the contract is changed by the setPaymentToken function, the yield mode of the payment token is not changed.

Impact

If the payment token is changed, the contract would receive the yield via rebasing of the asset. This breaks the claiming-related features of the Bfx contract.

Recommendations

Consider adding logic that configures the yield mode of the new payment token.
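
A sketch of that recommendation, added here as an illustration and not taken from the Bfx source: the contract name, the owner field, the event and the revert strings are assumptions, and the interface is Blast's rebasing-token interface reduced to the calls used.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Blast rebasing-token interface (USDB / WETH), reduced to the calls used here.
enum YieldMode { AUTOMATIC, VOID, CLAIMABLE }

interface IERC20Rebasing {
    function configure(YieldMode mode) external returns (uint256);
    function claim(address recipient, uint256 amount) external returns (uint256);
    function getClaimableAmount(address account) external view returns (uint256);
}

// Hypothetical stand-in for Bfx: only the parts relevant to the finding.
contract PaymentTokenYieldSketch {
    address public owner;   // assumed admin role allowed to change the token
    address public claimer; // the claimer role described in the finding
    IERC20Rebasing public paymentToken;

    event PaymentTokenChanged(address indexed oldToken, address indexed newToken);

    constructor(address _claimer, address _paymentToken) {
        owner = msg.sender;
        claimer = _claimer;
        paymentToken = IERC20Rebasing(_paymentToken);
        // As in the finding: yield mode is set to CLAIMABLE at construction.
        paymentToken.configure(YieldMode.CLAIMABLE);
    }

    function setPaymentToken(address _paymentToken) external {
        require(msg.sender == owner, "ONLY_OWNER");
        require(_paymentToken != address(0), "ZERO_ADDRESS");
        emit PaymentTokenChanged(address(paymentToken), _paymentToken);
        paymentToken = IERC20Rebasing(_paymentToken);
        // The step the finding reports as missing: configure this contract's
        // yield mode on the NEW token. Without it, yield on the new token
        // reaches the contract by rebasing instead of accruing as claimable.
        paymentToken.configure(YieldMode.CLAIMABLE);
    }

    function claimYield(address recipient) external returns (uint256) {
        require(msg.sender == claimer, "ONLY_CLAIMER");
        uint256 amount = paymentToken.getClaimableAmount(address(this));
        return paymentToken.claim(recipient, amount);
    }
}
```

Because configure is called on whatever address is passed in, setPaymentToken in this sketch reverts for a token that does not implement the rebasing interface, which also acts as a check that the new token supports claimable yield.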

Remediation

Blast Futures stated that they do not expect to change the payment token unless it is required to do so due to a major event, and they would deploy a new contract if it breaks the functionality of the existing contract.

Zellic © 2025