1. Factory `create_pool` Allows Spoofing of `creator` Parameter, Risking Frontend Attribution
A security issue in the Factory contract allows an authorized user to spoof pool ownership, creating a risk of misattribution on the frontend dashboard. The `create_pool` function accepts an arbitrary address as the `creator` parameter, which is then broadcast in an event. This means the recorded creator is not necessa...