The contract shown as an example in this guide does not warn its potential users against a vulnerability introduced by the implementation, without overrides, of PeripheryPayments.
PeripheryPayments implements sweepToken which, unmodified, allows anyone to withdraw tokens from the implementing contract.
IMO, the example should handle the deposit atomically (i.e. inside the callback) so the funds are transferred to the contract if and only if there will be any need to repay the pool and have the funds back to the caller's wallet; otherwise the entire thing is reverted, and no funds can be lost.
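
The atomic settlement proposed above, as an added sketch that is not part of the original post or of the guide's own code. `AtomicFlash`, `IFlashPool`, `IERC20Minimal`, `initFlash` and `_settle` are hypothetical names; it assumes the pool invokes `uniswapV3FlashCallback` on the contract that called `flash`, that the caller has approved this contract for any shortfall, and that both tokens return a boolean from `transfer`/`transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interfaces, declared inline so the sketch is self-contained.
interface IERC20Minimal {
    function balanceOf(address owner) external view returns (uint256);
    function transfer(address to, uint256 value) external returns (bool);
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}
interface IFlashPool {
    function flash(address recipient, uint256 amount0, uint256 amount1, bytes calldata data) external;
}

// Hypothetical contract: it does not inherit PeripheryPayments, so it exposes no public sweepToken.
contract AtomicFlash {
    address public immutable pool;
    address public immutable token0;
    address public immutable token1;

    constructor(address _pool, address _token0, address _token1) {
        pool = _pool; token0 = _token0; token1 = _token1;
    }

    function initFlash(uint256 amount0, uint256 amount1) external {
        // The caller is recorded as payer; nothing is deposited up front.
        IFlashPool(pool).flash(address(this), amount0, amount1, abi.encode(msg.sender, amount0, amount1));
    }

    function uniswapV3FlashCallback(uint256 fee0, uint256 fee1, bytes calldata data) external {
        require(msg.sender == pool, "caller is not the pool");
        (address payer, uint256 amount0, uint256 amount1) = abi.decode(data, (address, uint256, uint256));
        // ... strategy using the borrowed tokens goes here ...
        _settle(token0, payer, amount0 + fee0);
        _settle(token1, payer, amount1 + fee1);
    }

    // Repay `owed` to the pool, pull any shortfall from the payer, return any surplus to the payer.
    function _settle(address token, address payer, uint256 owed) private {
        uint256 held = IERC20Minimal(token).balanceOf(address(this));
        if (held >= owed) {
            if (owed > 0) require(IERC20Minimal(token).transfer(pool, owed), "repay failed");
            if (held > owed) require(IERC20Minimal(token).transfer(payer, held - owed), "refund failed");
        } else {
            if (held > 0) require(IERC20Minimal(token).transfer(pool, held), "repay failed");
            require(IERC20Minimal(token).transferFrom(payer, pool, owed - held), "pull failed");
        }
    }
}
```

Because every transfer happens inside the callback, a failed pull or repayment reverts the whole transaction and the contract ends each call holding no token balance.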