 See how they make token scams and steal people's assets and funds at the right time.

In the transferFrom function, a superOperator is able to bypass the check for a sufficient allowance. As a result, this person can transfer the funds of all users to any address without having a sufficient allowance.

```
        if (_msgSender() != from && !_superOperators[_msgSender()] && _msgSender() != _operator) {
            uint256 currentAllowance = _allowances[from][_msgSender()];
            if (currentAllowance != ~uint256(0)) {
                require(currentAllowance >= amount, "NOT_AUTHORIZED_ALLOWANCE");
                _allowances[from][_msgSender()] = currentAllowance - amount;
            }
        }
        _transfer(from, to, amount);
```
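For reviewers, an added example (not part of the original post or the token's code): a small Python heuristic that lists every caller-based condition that skips an allowance check. It assumes the naming used in the snippet above (`_allowances`, `from`, `_msgSender()`); the function names are hypothetical, and brackets inside strings or comments are not handled.

```python
import re

# Constructed input: the check quoted in the post, as a source string.
POST_SNIPPET = """
if (_msgSender() != from && !_superOperators[_msgSender()] && _msgSender() != _operator) {
    uint256 currentAllowance = _allowances[from][_msgSender()];
    if (currentAllowance != ~uint256(0)) {
        require(currentAllowance >= amount, "NOT_AUTHORIZED_ALLOWANCE");
        _allowances[from][_msgSender()] = currentAllowance - amount;
    }
}
_transfer(from, to, amount);
"""
SENDER = r"(?:_msgSender\(\)|msg\.sender)"

def _enclosed(src, start, open_ch, close_ch):
    """Return (text inside the bracket opening at src[start], index of its match)."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == open_ch:
            depth += 1
        elif src[i] == close_ch:
            depth -= 1
            if depth == 0:
                return src[start + 1:i], i
    raise ValueError("unbalanced brackets")

def allowance_exemptions(src, owner="from"):
    """Conjuncts that let a caller other than `owner` skip an `_allowances` check."""
    plain = re.compile(rf"^(?:{SENDER}\s*!=\s*{owner}|{owner}\s*!=\s*{SENDER})$")
    flagged = []
    for m in re.finditer(r"\bif\s*\(", src):
        cond, end = _enclosed(src, m.end() - 1, "(", ")")
        brace = src.find("{", end)
        if brace == -1 or src[end + 1:brace].strip():
            continue  # braceless `if`: not handled by this heuristic
        body, _ = _enclosed(src, brace, "{", "}")
        if "_allowances[" not in body:
            continue  # this `if` does not guard an allowance check
        for term in (t.strip() for t in cond.split("&&")):
            # Only the plain "caller is not the owner" test is expected here.
            if re.search(SENDER, term) and not plain.match(term):
                flagged.append(term)
    return flagged

if __name__ == "__main__":
    print(allowance_exemptions(POST_SNIPPET))
```

Each returned term names a caller who can move funds from any `from` address without an approval; a check with no such exemption returns an empty list.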