Convexity-Protocol-Archived
buyOTokens should check if the sender paid ETH
(3) Low Severity: The code for buying otokens using Ethereum, buyOtokens(), does not check whether the sender sent enough ETH to pay for the purchase. This would allow an attacker to drain the OptionsExchange contract of all ETH in it by calling buyOtokens() where the receiver address is the attacker's address. This is not normally exploitable because the OptionsExchange contract never holds ETH during the normal operation of the smart contracts system. However, it would allow an attacker to drain any ETH that is accidentally sent to the OptionsExchange contract.
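The missing check, sketched as an added Solidity example that is not the Convexity contract's code: `IPool`, `ExchangeSketch`, `buyUnchecked` and `buyChecked` are hypothetical names, and the pool interface is an assumption standing in for whatever the exchange pays.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for the pool that sells the tokens (assumption, not Convexity code).
interface IPool {
    function priceInWei(uint256 amount) external view returns (uint256);
    function sellTo(address receiver, uint256 amount) external payable;
}

contract ExchangeSketch {
    IPool public immutable pool;

    constructor(IPool _pool) {
        pool = _pool;
    }

    // Before: the purchase is paid out of the contract's own balance,
    // regardless of how much ETH the caller attached (msg.value is never read).
    function buyUnchecked(address receiver, uint256 amount) external payable {
        uint256 cost = pool.priceInWei(amount);
        pool.sellTo{value: cost}(receiver, amount);
    }

    // After: the caller must fund the purchase; any excess ETH is returned,
    // so the contract's balance is unchanged by the call.
    function buyChecked(address receiver, uint256 amount) external payable {
        uint256 cost = pool.priceInWei(amount);
        require(msg.value >= cost, "insufficient ETH sent");

        pool.sellTo{value: cost}(receiver, amount);

        uint256 refund = msg.value - cost;
        if (refund > 0) {
            (bool ok, ) = msg.sender.call{value: refund}("");
            require(ok, "refund failed");
        }
    }
}
```

With the `require` in place, ETH that reaches the contract by accident stays there until an explicit recovery path moves it, because every purchase is funded entirely by its own `msg.value`.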