Security considerations

I. Trust Model

The wM system operates with several trust assumptions:

• MigrationAdmin: Fully trusted role that can change contract implementation
• EarnerManager MigrationAdmin: Can change EarnerManager implementation
• Registrar: Source of truth for system parameters
• MToken: Assumed to function correctly
• Admins: Trusted to manage earning status appropriately

II. Edge Cases

Several edge cases are worth understanding:

Admin Removal

If an admin is removed from the admins list:

• Accounts they approved lose earning status
• Their fee settings become invalid
• Accounts should be stopped from earning to prevent further yield accrual

Disabled Earning

If the wrapper contract is removed from M's earner list:

• disableEarning() should be called to prevent further yield accrual
• Individual accounts can continue to earn until that point

Balance Precision

The system has specific precision limitations:

• All balances limited to uint240 to match M token
• Principal amounts limited to uint112 for gas efficiency
• Indices use uint128 with 12 decimal places of precision

III. Rounding Effects

The consistent rounding strategy creates specific effects:

• Multiple conversions between earning and non-earning states will result in small token losses
• Transfers between accounts with different earning statuses create small protocol gains
• These tiny amounts accumulate as protocol reserves, enhancing stability