Root + Impact
Description
The `setAllowedSellToken()` function allows the owner to arbitrarily enable or disable any token for trading without restrictions or governance mechanisms. This creates a single point of failure where the owner can manipulate the market by controlling which tokens can be traded.
```solidity
@> function setAllowedSellToken(address _token, bool _isAllowed) external onlyOwner {
       allowedSellToken[_token] = _isAllowed;
       emit TokenAllowed(_token, _isAllowed);
   }
```
Risk
Likelihood:
Impact:
- **High**: Owner can immediately disable trading for any token, potentially causing:
  - Trapped liquidity for existing orders
  - Market manipulation by selective token blocking
  - Loss of user funds if tokens are disabled while orders are active
  - Disruption of trading operations at any time
Proof of Concept
- Scenario: Users have active WETH orders worth millions
- Owner calls: `setAllowedSellToken(WETH_ADDRESS, false)`
- Result: No new WETH orders can be created, existing orders become harder to manage
Recommended Mitigation
- Implement a governance mechanism with voting for token allowance changes
- Add a timelock for token allowance modifications
- Require multi-signature approval for critical token operations
- Consider making core tokens (WETH, WBTC, WSOL) permanently allowed and non-modifiable
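The following is an added example, not the audited project's code, showing how the timelock and permanent-core-token items above could be combined in one contract: the owner can only schedule an allowance change, it becomes executable after a fixed delay, and tokens passed in at deployment can never be disabled. The contract name, the `ALLOWANCE_DELAY` value, the `proposeAllowedSellToken` / `executeAllowedSellToken` / `cancelAllowedSellToken` names and the minimal `onlyOwner` modifier are assumptions for illustration; a production code base would use OpenZeppelin's `Ownable` and `TimelockController` instead of re-implementing them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the project's code): timelocked allow-list with permanent core tokens.
contract AllowedSellTokenTimelock {
    address public owner;
    // Assumed delay; the real value is a governance decision.
    uint256 public constant ALLOWANCE_DELAY = 2 days;

    mapping(address => bool) public allowedSellToken;
    // Core tokens are fixed at deployment and can never be disabled (mitigation item 4).
    mapping(address => bool) public isCoreToken;

    struct PendingChange {
        bool isAllowed;
        uint256 executableAt; // 0 means no change is pending for this token
    }
    mapping(address => PendingChange) public pendingChange;

    event TokenAllowed(address indexed token, bool isAllowed);
    event TokenAllowanceProposed(address indexed token, bool isAllowed, uint256 executableAt);
    event TokenAllowanceCancelled(address indexed token);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address[] memory coreTokens) {
        owner = msg.sender; // should be a multisig (mitigation item 3)
        for (uint256 i = 0; i < coreTokens.length; i++) {
            isCoreToken[coreTokens[i]] = true;
            allowedSellToken[coreTokens[i]] = true;
            emit TokenAllowed(coreTokens[i], true);
        }
    }

    // Step 1: the owner can only schedule a change; nothing takes effect immediately.
    function proposeAllowedSellToken(address token, bool isAllowed) external onlyOwner {
        require(!isCoreToken[token], "core token is permanently allowed");
        uint256 executableAt = block.timestamp + ALLOWANCE_DELAY;
        pendingChange[token] = PendingChange({isAllowed: isAllowed, executableAt: executableAt});
        emit TokenAllowanceProposed(token, isAllowed, executableAt);
    }

    // Step 2: anyone may execute once the delay has elapsed. The delay is the public
    // notice window in which users can close or cancel orders in a token about to be disabled.
    function executeAllowedSellToken(address token) external {
        PendingChange memory change = pendingChange[token];
        require(change.executableAt != 0, "no pending change");
        require(block.timestamp >= change.executableAt, "timelock not elapsed");
        delete pendingChange[token];
        allowedSellToken[token] = change.isAllowed;
        emit TokenAllowed(token, change.isAllowed);
    }

    // The owner can withdraw a scheduled change before it executes.
    function cancelAllowedSellToken(address token) external onlyOwner {
        require(pendingChange[token].executableAt != 0, "no pending change");
        delete pendingChange[token];
        emit TokenAllowanceCancelled(token);
    }
}
```

The `TokenAllowanceProposed` event is what off-chain monitoring and users should watch: a disable proposal for a token with open orders is visible on-chain for the whole delay before it can take effect, which removes the "immediately disable trading" impact described above. Making `owner` a multisig adds the approval step from the mitigation list without further contract changes.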