The `RockPaperScissors::createGameWithToken` function creates a game for betting one `WinningToken`. But there is unsafe transfer of the token used.
```javascript
function createGameWithToken(uint256 _totalTurns, uint256 _timeoutInterval) external returns (uint256) {
require(winningToken.balanceOf(msg.sender) >= 1, "Must have winning token");
require(_totalTurns > 0, "Must have at least one turn");
require(_totalTurns % 2 == 1, "Total turns must be odd");
require(_timeoutInterval >= 5 minutes, "Timeout must be at least 5 minutes");
// Transfer token to contract
@> winningToken.transferFrom(msg.sender, address(this), 1);
```
Here the `transferFrom` function always return true valu even if the token will not transfer properly, Also return value is ignored by the `createGameWithToken` function. Due to this issue the game will be created even if the token is not transfered to the game contract.
Use `safeERC20` for transfering the token via `safeTransferFrom` function, Which ensures the non-reverting transactions should be assumed to successfull and if the token will not transfer then the function will be reverted.
```diff
+ use safeERC20 for ERC20;
```
Also update the `createGameWithToken` function.
```diff
function createGameWithToken(uint256 _totalTurns, uint256 _timeoutInterval) external returns (uint256) {
...
...
// Transfer token to contract
- winningToken.transferFrom(msg.sender, address(this), 1);
+ winningToken.safeTransferFrom(msg.sender, address(this), 1);
...
```
Also update the functions which have this type of issue.