Security Alert: Factory `create_pool` Fails to Validate Token Against Whitelist, Risking Malicious Pools
A critical security vulnerability has been identified in the Factory contract's `create_pool` function. The function accepts an arbitrary `currency` identifier but never checks that this token address is present in the official `DataKey::SupportedToken` configuration whitelist. As a result, unverified and potentially malicious tokens can be used to instantiate pools that the system then presents as officially recognized.
The core issue is that the factory, which serves as the trust anchor for frontend displays and user interactions, does not enforce this basic check. Without it, any caller can create pools backed by worthless tokens or by token contracts that are themselves malicious. The vulnerability is isolated to `contract/factory/src/lib.rs`, where the `create_pool` logic lacks the lookup that would confirm the token's status on the supported whitelist.
This flaw represents a direct security risk: it opens the door to phishing-style pools and to exploitative secondary contracts. Users interacting with what appears to be a legitimate pool could unknowingly engage with a malicious asset, leading to potential loss of funds. The proposed solution is to add a mandatory check at the start of `create_pool` that rejects the call unless the provided `currency` is present in the `SupportedToken` storage, before any pool state is written, thereby restoring the contract's role as a reliable gatekeeper for pool creation.
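The following is an added illustration and not code from the project's `contract/factory/src/lib.rs`. It models the factory's storage as plain Rust collections rather than Soroban contract storage so it runs stand-alone; the `Factory` type, the `FactoryError` variants, the admin-only `set_supported_token` setter and the sample addresses are all assumptions for this example. It places the vulnerable shape of `create_pool` (no whitelist lookup) beside the hardened form, which fails closed before any pool is recorded.

```rust
use std::collections::{HashMap, HashSet};

/// Error names are assumptions; the real contract's error enum is not shown here.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum FactoryError {
    Unauthorized,
    UnsupportedToken,
    PoolExists,
}

/// In-memory stand-in for the factory's contract storage.
/// `supported_tokens` plays the role of the `DataKey::SupportedToken`
/// whitelist; `pools` maps a pool id to the currency it was created with.
pub struct Factory {
    admin: String,
    supported_tokens: HashSet<String>,
    pools: HashMap<String, String>,
}

impl Factory {
    pub fn new(admin: &str) -> Self {
        Factory {
            admin: admin.to_string(),
            supported_tokens: HashSet::new(),
            pools: HashMap::new(),
        }
    }

    /// Only the admin may change the whitelist (assumed governance model).
    pub fn set_supported_token(&mut self, caller: &str, token: &str, supported: bool)
        -> Result<(), FactoryError>
    {
        if caller != self.admin {
            return Err(FactoryError::Unauthorized);
        }
        if supported {
            self.supported_tokens.insert(token.to_string());
        } else {
            self.supported_tokens.remove(token);
        }
        Ok(())
    }

    pub fn is_supported_token(&self, token: &str) -> bool {
        self.supported_tokens.contains(token)
    }

    /// Vulnerable shape of `create_pool`: any caller, any currency, no lookup.
    pub fn create_pool_unchecked(&mut self, pool_id: &str, currency: &str)
        -> Result<(), FactoryError>
    {
        if self.pools.contains_key(pool_id) {
            return Err(FactoryError::PoolExists);
        }
        self.pools.insert(pool_id.to_string(), currency.to_string());
        Ok(())
    }

    /// Hardened `create_pool`: the currency must be whitelisted at creation
    /// time, and the check runs before any state is written.
    pub fn create_pool(&mut self, pool_id: &str, currency: &str) -> Result<(), FactoryError> {
        if !self.is_supported_token(currency) {
            return Err(FactoryError::UnsupportedToken);
        }
        if self.pools.contains_key(pool_id) {
            return Err(FactoryError::PoolExists);
        }
        self.pools.insert(pool_id.to_string(), currency.to_string());
        Ok(())
    }

    pub fn pool_currency(&self, pool_id: &str) -> Option<&str> {
        self.pools.get(pool_id).map(String::as_str)
    }

    pub fn pool_count(&self) -> usize {
        self.pools.len()
    }
}

/// Scenario from the advisory: a caller passes a token that was never
/// whitelisted. Returns (pools in the unchecked factory, pools in the
/// checked factory) so the difference is observable. Addresses are constructed.
pub fn demo() -> (usize, usize) {
    const ADMIN: &str = "GADMIN";
    const GOOD_TOKEN: &str = "CUSDC";
    const EVIL_TOKEN: &str = "CSCAMTOKEN";

    let mut unchecked = Factory::new(ADMIN);
    unchecked.set_supported_token(ADMIN, GOOD_TOKEN, true).unwrap();
    unchecked.create_pool_unchecked("pool-1", GOOD_TOKEN).unwrap();
    // The unchecked factory registers a pool for the unlisted token.
    unchecked.create_pool_unchecked("pool-2", EVIL_TOKEN).unwrap();

    let mut checked = Factory::new(ADMIN);
    checked.set_supported_token(ADMIN, GOOD_TOKEN, true).unwrap();
    checked.create_pool("pool-1", GOOD_TOKEN).unwrap();
    // The hardened factory refuses it and writes nothing.
    let rejected = checked.create_pool("pool-2", EVIL_TOKEN);
    assert_eq!(rejected, Err(FactoryError::UnsupportedToken));

    (unchecked.pool_count(), checked.pool_count())
}

fn main() {
    let (unchecked, checked) = demo();
    println!("unchecked factory: {} pools, checked factory: {} pools", unchecked, checked);
}
```

In the real Soroban contract the `is_supported_token` lookup would be a storage read keyed by the token address (for example a `has` check on the `DataKey::SupportedToken` entry for `currency`, assuming the whitelist is stored under per-token keys; the actual key layout in `contract/factory/src/lib.rs` is not reproduced here). The ordering matters: the lookup must come before the pool is instantiated or recorded, so a rejected call leaves no partial state behind.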