The type of source is not checked
Though Michelson requires the parameter and return types be specified for the SOURCE
instruction, these are not checked. This means that it is possible to have transfers fail at runtime due to type errors and, worse, store data that does not typecheck. The contract below illustrates this behavior:
parameter unit;
return unit ;
storage (contract unit bool) ;
code { SOURCE unit bool ; SWAP ; SET_CDR }
This contract stores the source, which it will do, regardless of the actual type of the source. This allows for an attack where the contract is unable to deserialize its own storage.