This third iteration was trying to use CPI calls in order to transfers token into another account. It is like a monolithic account abstraction layer with permissionned systems embedded into it. There is some big flaws with this design, but it is the one used with the app.
Commit: cd03ab5da632cc4d328c2c2a6b88a0e81f2ade88 If you want to use the app with it and deploy a compatible version.
This system was still in the monolithic fashion idea. Because I overthink performance for some practicity (account abstraction + permissionned system) which revealved itsef being a much better solution.