…e is clearly a bug in the token contract. The change in Solidity only brought this bug to daylight. One reason why there are so many BadTokens is that at one point OpenZeppelin implemented the wrong interface in their framework. Between 17 March 2017 and 13 July 2017 the interface was wrong:
… BadToken, which processes the call, makes the transfer and does not return a Boolean return value. The calling contract now looks up the return value in the memory, but since the token did not write a return value it will take whatever it finds in this memory position as the return value of the external call.