The load() function is called by the wallet's loadTokenCard(). It splits the sent amount (ETH or ERC20 token) accordingly and transfers it to the holder (aka asset-contract) and cryptofloat contracts.
The check whether the token belongs to our whitelist is made in loadTokenCard(). This is done because it is inefficient to check if the sender is an actual monolith wallet and, in the worst case, money from an unknown source can be deposited (could this be a potential compliance issue?).
The sender can deploy his own token contract and execute arbitrary code or even call back the load() function. There should not be any reentrancy attack there, but maybe it would be better to prevent this kind of behaviour.
The best way to do it is to access token-whitelist.tokencard.eth and check if the token is loadable. Another way to do it is to keep track of all the deployed wallets but, as said above, this is inefficient due to the different wallet versions.
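The two mitigations suggested above (a loadable check inside load() itself and a guard against re-entry), as an added sketch that is not the project's code and covers only the ERC20 path. `GuardedLoader`, `ILoadableWhitelist.isTokenLoadable`, the per-mille split and the constructor parameters are assumptions made for illustration; only the ENS `resolver`/`addr` calls are standard interfaces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Standard ENS registry and resolver calls for on-chain name resolution.
interface IENS { function resolver(bytes32 node) external view returns (address); }
interface IResolver { function addr(bytes32 node) external view returns (address); }
// Hypothetical view onto the token whitelist; NOT the project's real ABI.
interface ILoadableWhitelist { function isTokenLoadable(address token) external view returns (bool); }
interface IERC20 { function transferFrom(address from, address to, uint256 amount) external returns (bool); }

contract GuardedLoader {
    IENS public immutable ens;
    // namehash of token-whitelist.tokencard.eth, supplied at deployment (assumption)
    bytes32 public immutable whitelistNode;
    address public immutable holder;
    address public immutable cryptoFloat;
    uint256 public immutable floatPerMille; // assumed split rule: share sent to cryptoFloat
    bool private entered;

    constructor(IENS _ens, bytes32 _node, address _holder, address _float, uint256 _perMille) {
        require(_perMille <= 1000, "bad split");
        ens = _ens;
        whitelistNode = _node;
        holder = _holder;
        cryptoFloat = _float;
        floatPerMille = _perMille;
    }

    // Rejects a call back into load() made from inside a token's transferFrom().
    modifier nonReentrant() {
        require(!entered, "reentrant call");
        entered = true;
        _;
        entered = false;
    }

    function load(address token, uint256 amount) external nonReentrant {
        // Resolve the whitelist on every call so a re-pointed ENS record is honoured.
        address wl = IResolver(ens.resolver(whitelistNode)).addr(whitelistNode);
        require(wl != address(0), "whitelist not resolved");
        // Refuse tokens the whitelist does not mark loadable, whoever the caller is.
        require(ILoadableWhitelist(wl).isTokenLoadable(token), "token not loadable");

        uint256 toFloat = (amount * floatPerMille) / 1000;
        // Assumes whitelisted tokens return a bool from transferFrom().
        require(IERC20(token).transferFrom(msg.sender, cryptoFloat, toFloat), "float transfer failed");
        require(IERC20(token).transferFrom(msg.sender, holder, amount - toFloat), "holder transfer failed");
    }
}
```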