The pledge creators might lose all of their funds by recoverERC20().
Lines of code Vulnerability details Impact There is a recoverERC20 function to withdraw ERC20 tokens from the contract. Currently, it checks if the token isn't an active reward token but it can be passed easily if the admin removes the reward token using removeRewardToken. So if the admin removes...