Deleting the value in mapping may result in the Tokens lock in the assetToken permenantly and can't be backed by anymore.In the setAllowedToken() owner can unassign the tokens at any time if the owner unassigns the token then the ThunderLoan contract can't be able to interact with the assetToken contract result in tokens lock and there is no withdraw function or anything in the assetToken contract to get back the tokens.
High
Manual Review
Add withdraw function in the assetoken conctract.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.