Using Blacklisting Tokens as Currency

Using a token that allows blacklisting (e.g. USDC) as your requestPrice currency opens up a griefing vector that integrators should be aware of.

The proposePriceFor and disputePriceFor functions allow the caller to set any address as the proposer and disputer that will receive payouts if their proposal/dispute is correct upon settlement. If a bad actor calls both proposePriceFor and disputePriceFor and specifies a blacklisted address for repayment, the settle function will revert and cause the request to be frozen unless the address is unblacklisted. This costs the malicious user 2 bonds and does not result in any gain, but freezing the request could cause issues for the integrator.

To avoid this, integrations that use tokens with blacklisting functionality should ensure that their admins can call a function that ignores the frozen request and creates a new OOV2 request. In this way they can prevent a frozen request from having any negative consequences to their protocol.
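
One way to build the admin function described above, as an added example that is not UMA's or any integrator's own code. The contract, replaceFrozenRequest and the state variable names are hypothetical, and the minimal interface is an assumption to check against the OptimisticOracleV2 ABI you integrate with.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;
// Minimal interface written for this example; verify it against the OOV2 ABI in use.
interface IOptimisticOracleV2 {
    function requestPrice(bytes32 identifier, uint256 timestamp, bytes memory ancillaryData,
        address currency, uint256 reward) external returns (uint256 totalBond);
    function settleAndGetPrice(bytes32 identifier, uint256 timestamp, bytes memory ancillaryData)
        external returns (int256);
}

// Hypothetical integration: only the request keyed by activeTimestamp is honored.
contract ReRequestableIntegration {
    IOptimisticOracleV2 public oo;
    address public currency;        // may be a token with blacklisting, e.g. USDC
    address public admin;
    bytes32 public identifier;
    bytes public ancillaryData;
    uint256 public activeTimestamp; // key of the request the protocol currently trusts
    bool public resolved;
    int256 public resolvedPrice;
    event RequestReplaced(uint256 abandonedTimestamp, uint256 newTimestamp);

    constructor(IOptimisticOracleV2 _oo, address _currency, bytes32 _identifier, bytes memory _data) {
        oo = _oo; currency = _currency; admin = msg.sender;
        identifier = _identifier; ancillaryData = _data;
        _request();
    }

    function _request() internal {
        activeTimestamp = block.timestamp; // the timestamp is part of the request key
        oo.requestPrice(identifier, activeTimestamp, ancillaryData, currency, 0); // reward 0: no transfer
    }

    // Reverts while the active request is frozen, because settlement itself reverts.
    function resolve() external {
        require(!resolved, "already resolved");
        resolvedPrice = oo.settleAndGetPrice(identifier, activeTimestamp, ancillaryData);
        resolved = true;
    }

    // Admin escape hatch: stop tracking the frozen request and open a fresh one.
    function replaceFrozenRequest() external {
        require(msg.sender == admin, "not admin");
        require(!resolved, "already resolved");
        uint256 abandoned = activeTimestamp;
        require(block.timestamp > abandoned, "new request needs a new key");
        _request();
        emit RequestReplaced(abandoned, activeTimestamp);
    }
}
```

Because the integration only ever settles the request stored in activeTimestamp, the frozen request is left behind and has no further effect on protocol state.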
