When the Smart Contracts team analyzed TUSD, we determined that since it uses an “upgradability proxy pattern” that the team controlling TUSD could point the token to a new implementation, one that hadn’t been vetted by the SC Team or an outside team with enough notice. Therefore, the token adapter for TUSD was fixed to a specific implementation of the code.
This morning, TUSD underwent 3 upgrades (an upgrade that was missing some safe math checks, then a downgrade back to the old one, then the one that’s currently active).
Token Adapters are some of the most powerful contracts in the Maker Protocol. They have access to the system core and require extensive auditing and vetting. We put this implementation whitelist in place to protect the system. Glad to see that it’s working! Personally, I don’t see any malice here, but we are going to need another round of verification for the new implementation.
We can discuss more here or in chat and I’ll be in touch with Rich and LFW and others to see how we proceed.