# BarnBridge-Protocol-V2 ## AaveV2Provider.sol & AaveV3Provider.sol - [Pausable](https://github.com/leo-plugdefi/BarnBridge-Protocol-V2/blob/feature/aave-refactor/contracts/smartyield/providers/AaveV2/AaveV2Provider.sol#L210) not used? - [inCaseTokensGetStuck](https://github.com/leo-plugdefi/BarnBridge-Protocol-V2/blob/feature/aave-refactor/contracts/smartyield/providers/AaveV2/AaveV2Provider.sol) should include `aToken` as well(not just underlying). `inCaseTokensGetStuck` is to transfer stuck tokens out of the smart contract and the validation is a safe-guard to "rug". The "rug" protection should include `aToken`? ```solidity function inCaseTokensGetStuck(address _token) external onlyController { require(_token != underlying, "!token"); uint256 amount = ERC20(_token).balanceOf(address(this)); ERC20(_token).safeTransfer(msg.sender, amount); } ``` Example: ```solidity function inCaseTokensGetStuck(address _token) external onlyController { require(_token != underlying && _token != aToken, "!token"); uint256 amount = ERC20(_token).balanceOf(address(this)); ERC20(_token).safeTransfer(msg.sender, amount); } ``` - Unit tests [SmartYield.t.sol](https://github.com/leo-plugdefi/BarnBridge-Protocol-V2/blob/feature/aave-refactor/test/mainnet/smartyield/providers/AaveV2/SmartYield.t.sol) should cover different token decimals for `underlying` `borrowing` assets. And token balances should be validated to avoid exploit. Example: USDC/DAI tokens have different decimals.