tokencard / contracts

The Consumer Contract Wallet
GNU General Public License v3.0

Load() in Licence contract can be called by anyone and does not check the ERC20 destination contract #547

Closed (i-stam closed this 4 years ago)

i-stam commented 4 years ago

The load() function is called by the wallet's loadTokenCard(), splits the sent amount (ETH or ERC20 token) accordingly and transfers it to the holder (aka asset-contract) and cryptofloat contracts.

The check whether the token belongs to our whitelist is made in loadTokenCard(). This is done because it is inefficient to check if the sender is an actual monolith wallet, and in the worst case, money from an unknown source can be deposited (could this be a potential compliance issue?).

The sender can deploy his own token contract and execute arbitrary code or even call back the load() function. There should not be any reentrancy attack there, but it might be better to prevent this kind of behaviour.

The best way to do it is to access token-whitelist.tokencard.eth and check if the token is loadable. Another way to do it is to keep track of all the deployed wallets, but, as said above, this is inefficient due to the different wallet versions.
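A simplified illustration of the whitelist check the comment proposes, added here as example code and not the tokencard contracts' own: a hypothetical `LicenceExample` whose `load()` consults a hypothetical `ITokenWhitelist` (standing in for token-whitelist.tokencard.eth) before it makes any external call. The interface names, the `address(0)`-means-ETH convention and the percentage representation are assumptions.

```solidity
pragma solidity ^0.5.0; // compiler version assumed for this example

// Minimal ERC20 surface needed here (standard function, not project-specific).
interface IERC20 {
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Hypothetical interface for the token whitelist the comment refers to
// (token-whitelist.tokencard.eth); its real API is not shown on the page.
interface ITokenWhitelist {
    function isLoadable(address token) external view returns (bool);
}

contract LicenceExample {
    ITokenWhitelist public whitelist;   // assumed: address resolved from ENS at deployment
    address payable public holder;      // asset-contract that receives the licence share
    address payable public cryptoFloat; // contract that receives the load share
    uint256 public licencePercent;      // licence share in whole percent (assumed representation)

    constructor(ITokenWhitelist _whitelist, address payable _holder,
                address payable _cryptoFloat, uint256 _licencePercent) public {
        require(_licencePercent <= 100, "bad percent");
        whitelist = _whitelist;
        holder = _holder;
        cryptoFloat = _cryptoFloat;
        licencePercent = _licencePercent;
    }
    // Checks the whitelist before any external call, so a caller-deployed ERC20
    // that is not loadable never gets its code executed from inside load().
    modifier onlyLoadableToken(address token) {
        require(whitelist.isLoadable(token), "token not loadable");
        _;
    }
    // Convention assumed here: token == address(0) means ETH, and the whitelist reports it as loadable.
    function load(address token, uint256 amount) external payable onlyLoadableToken(token) {
        uint256 licenceAmount = amount * licencePercent / 100;
        uint256 loadAmount = amount - licenceAmount;
        if (token == address(0)) {
            require(msg.value == amount, "ETH amount mismatch");
            holder.transfer(licenceAmount);
            cryptoFloat.transfer(loadAmount);
        } else {
            require(msg.value == 0, "unexpected ETH");
            // Caller must have approved this contract for `amount` beforehand.
            require(IERC20(token).transferFrom(msg.sender, holder, licenceAmount), "fee transfer failed");
            require(IERC20(token).transferFrom(msg.sender, cryptoFloat, loadAmount), "load transfer failed");
        }
    }
}
```

This only gates what passes through `load()`; it cannot stop someone transferring a token directly to the holder or cryptofloat address, so those contracts still need to treat unexpected balances as untrusted.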

i-stam commented 4 years ago

Same as #546

i-stam commented 4 years ago

It seems that nothing can be done to prevent it since the user can send directly to the holder contract...