Over in another thread (Five new tokens to add (October 2020)) we are discussing which tokens to add to the money market protocol.
Each token that we add needs to have a security review of any token functionality that goes beyond the basic ERC20 interface. Just because a token is ERC20 compliant doesn’t mean that it can be used in Percent. There have been multiple exploits already of other protocols due to token behavior that goes beyond ERC20. The most relevant for Percent is the case of imBTC at Lendf.me, where re-entrancy behavior allowed an attacker to completely drain all protocol assets. (The attacker was doxxed by bad opsec and returned the funds.) Another example was the inflationary behavior of STA at Balancer.
Most of the tokens under consideration are already available in one of Compound, Aave, or Cream, which suggests they are probably safe but isn’t a guarantee. New tokens that are unique to Percent would require the most careful inspection.