Direct-to-IP-address transfers seem like an obvious surface area to attack.
If you ever find anyone who turned it on. It's disabled by default.
There is no way to be absolutely sure that there are no buffer overflow attacks, although it would help to implement the client in a language that doesn't have buffer overflows because it checks array indices (Python, Java, C#, ...).
It's all STL. There are almost no buffers.