In this contract, attacker by buying 112 USDT and then buying 101 TCR using USDT and selling 101 TCR, the hacker obtained 600K USDT.
https://etherscan.io/tx/0x81e9918e248d14d78ff7b697355fd9f456c6d7881486ed14fdfb69db16631154
https://etherscan.io/token/0xe38b72d6595fd3885d1d2f770aa23e94757f91a1#code#L159
The root cause of this problem is in the burnFrom function. This implementation allows any account A to burn tokens from any other account B if account A approves that number of tokens to B.
Hacker Approved huge amount of tokens to Uniswap pool. In the next step, he buys 101 TCR. Then he uses this bug to burn TCR owned by the pool and as a result the price of TCR increases. In the end, he sells the TCRs he bought.
```
require(_allowance[msg.sender][from] >= amount, ERROR_ATL);
```
You can easily write a rule for this pattern with the @semgrep tool and find all similar cases.