There is no check in the deposit function that the depositor has the amount of tokens in their wallet to make the deposit according to the input they provide. The function would eventually revert on the last line when the function tries to take the tokens from their wallet, but there is no reason to wait all the way until the end to revert.
A depositor can input any amount of tokens to deposit regardless of what they actually have:
It is better to have a check at the beginning that prevents them from trying to deposit more than they have. It is also a waste of gas to process the entire function when they don't have sufficient tokens to deposit.
Manual review
Add a check that amount is not greater than the balance of the token in their wallet:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.