and I'm not a programmer in order to view your contract for vulnerabilities, now is the time that you need to be careful about the trick, is there any other way to withdraw funds from the contract except to return the token back?
The smart-contract has no security hole through which there would be a leakage of ETH or tokens. No one can take out ETH without paying tokens, even the contract owner can't do that.