Check that create transferred the correct amount

[dmdque]

create doesn't verify that the correct amount of tokens were transferred. This can potentially lead to the creation of a malicious Bskt with a malicious underlying token.

Checking the delta of erc20.balanceOf(address(this)) mitigates this possibility.

However, this imposes extra logic, so it's worth considering the tradeoffs. An alternative solution is to publish a curated list of verified tokens.