TokenContract does not check signers
Why doesn't it check if transaction was signed by the right parties?
That might currently be done at the flow level when creating a new transaction. But if I'm not mistaken it won't be done when the whole transaction chain is verified. That would mean that some node could issue tokens to himself even though he's not the issuer and then fool the other nodes by transferring those tokens to them (because the issue transaction would be valid, except for the signers field, which is not checked).