ampleforth / token-geyser-v2


UVT-06: Insufficient Prevention of Allowance

thegostep opened this issue · comments

Type: Logical Issue
Severity: Minor
Location: https://github.com/ampleforth/token-geyser-v2/blob/c970676aaecb08e942fe1088a4b1ddcb26655fe6/contracts/UniversalVault.sol#L450-L465

Description:

The _externalCall implementation is meant to perform a function call that conducts an arbitrary action, except for approving an allowance to another address, presumably to ensure that funds aren't exited from the vault after the checkBalances evaluation successfully passes. This check, however, is insufficient, as a lot of contracts, including the Ampleforth token itself (AMPL), derive from OpenZeppelin and support the increaseAllowance and decreaseAllowance functions, thus circumventing the check.

Recommendation:

We advise that these two widely implemented functions also be added to the list of prohibited function calls. We should note, however, that each token implementation differs and the approval mechanism may be circumvented via other means. As such, the introduction of new tokens supported by the Geyser as staking tokens should be properly vetted to not allow such an incident to occur.
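The following Python model is an added illustration of the finding and is not the UniversalVault code (the linked lines are not reproduced on this page). It shows why a selector blocklist containing only `approve` is insufficient: the vault's token balance does not change when an allowance is granted, so a post-call balance check passes, yet the spender can pull the locked tokens afterwards with `transferFrom`. The selector derivation (first four bytes of keccak256 of the canonical signature) is standard ABI behaviour, and the block carries its own Keccak-256 so it runs offline. The `Token`, `external_call` and `drain_attempt` names, the blocklists, and the 20-byte addresses are constructed for this example and are assumptions, not the project's API.

```python
# Added illustration for UVT-06: a toy model, not the UniversalVault code.
MASK = (1 << 64) - 1
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK


def _keccak_f(a):
    """Keccak-f[1600] permutation on a 5x5 lane array indexed a[x][y]."""
    for rc in RC:
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rol(a[x][y], ROT[x][y])
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y]) for y in range(5)] for x in range(5)]
        a[0][0] ^= rc
    return a


def keccak256(data: bytes) -> bytes:
    """Ethereum's Keccak-256 (original 0x01 padding, not NIST SHA3-256)."""
    rate = 136
    buf = bytearray(data) + b"\x01"
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    a = [[0] * 5 for _ in range(5)]
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            a[i % 5][i // 5] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        a = _keccak_f(a)
    return b"".join(a[i % 5][i // 5].to_bytes(8, "little") for i in range(4))


def selector(signature: str) -> bytes:
    """4-byte ABI function selector: keccak256 of the canonical signature."""
    return keccak256(signature.encode())[:4]


APPROVE = selector("approve(address,uint256)")                       # 0x095ea7b3
INCREASE_ALLOWANCE = selector("increaseAllowance(address,uint256)")  # 0x39509351
DECREASE_ALLOWANCE = selector("decreaseAllowance(address,uint256)")  # 0xa457c2d7

# Blocklists: the approve-only check the finding describes, and the recommended fix.
ORIGINAL_BLOCKLIST = frozenset({APPROVE})
HARDENED_BLOCKLIST = frozenset({APPROVE, INCREASE_ALLOWANCE, DECREASE_ALLOWANCE})


def encode_call(signature: str, spender: bytes, amount: int) -> bytes:
    """ABI-encode an (address,uint256) call: selector, left-padded address, uint256."""
    return selector(signature) + spender.rjust(32, b"\x00") + amount.to_bytes(32, "big")


class Token:
    """Minimal ERC20 balance/allowance model (constructed for this example)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def call(self, sender: bytes, data: bytes) -> None:
        """Execute calldata for the three OpenZeppelin allowance-changing functions."""
        sel, spender = data[:4], data[16:36]
        amount = int.from_bytes(data[36:68], "big")
        key, current = (sender, spender), self.allowance.get((sender, spender), 0)
        if sel == APPROVE:
            self.allowance[key] = amount
        elif sel == INCREASE_ALLOWANCE:
            self.allowance[key] = current + amount
        elif sel == DECREASE_ALLOWANCE:
            if amount > current:
                raise ValueError("ERC20: decreased allowance below zero")
            self.allowance[key] = current - amount
        else:
            raise ValueError("selector not modelled")

    def transfer_from(self, spender: bytes, owner: bytes, to: bytes, amount: int) -> int:
        """Return the amount moved, or 0 when allowance or balance is insufficient."""
        key = (owner, spender)
        if self.allowance.get(key, 0) < amount or self.balances.get(owner, 0) < amount:
            return 0
        self.allowance[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return amount


def external_call(vault: bytes, locked: int, token: Token, data: bytes, blocklist) -> None:
    """Guarded owner call (assumed shape): reject blocked selectors, run the call,
    then re-check that the vault still holds its locked balance (the checkBalances step)."""
    if data[:4] in blocklist:
        raise PermissionError("ERC20 allowance call blocked")
    token.call(vault, data)
    if token.balances.get(vault, 0) < locked:
        raise RuntimeError("checkBalances: locked balance violated")


def drain_attempt(blocklist) -> dict:
    """Owner grants an allowance through increaseAllowance, then the spender pulls funds."""
    vault, attacker, locked = bytes([1]) * 20, bytes([2]) * 20, 100
    token = Token({vault: locked})
    data = encode_call("increaseAllowance(address,uint256)", attacker, locked)
    try:
        external_call(vault, locked, token, data, blocklist)
    except PermissionError:
        return {"blocked": True, "drained": 0}
    # The balance check passed: the vault still holds 100, only the allowance changed.
    drained = token.transfer_from(attacker, vault, attacker, locked)
    return {"blocked": False, "drained": drained}
```

With `ORIGINAL_BLOCKLIST` the call goes through, the balance check sees an unchanged balance of 100, and the attacker then drains all 100 with `transfer_from`; with `HARDENED_BLOCKLIST` the call is rejected before the token is touched. The blocklist only matches selectors in calldata the vault sends directly, so, as the recommendation says, each staking token's full set of allowance-granting entry points has to be known when it is added; a token exposing any other approval path would not be caught by this check.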