Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

reLP() mintokenAAmount the calculations are wrong.

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

Reward accounting is incorrect in BathBuddy contract

DOS of market operations with malicious offers

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Reth.sol: Withdrawals are unreliable and depend on excess RocketDepositPool balance which can brick the whole protocol

In de-peg scenario, forcing full exit from every derivative & immediately re-entering can cause big losses for depositors

Updating rollover details in `enlistInRollover` for one user overrides existing rollover details of another user

Potential DDOS attack while processing deposit requests with epochId =0

First depositor into a new pool can manipulate the pool share price

Malicious user can cause a DOS attack on critical pool functions such as `accruePremiumAndExpireProtections` and `lockCapital`

Existing buyer who has been regularly renewing protection will be denied renewal even when she is well within the renewal grace period

User can bypass the `ProtectionPurchaseLimitTimestamp` restriction that disallows protection purchase on a specific lending pool after specific time elapses

Protection sellers can front-run accrued premium updates and make instant arbitrage profits

Protection seller can bypass the withdrawal cycle restriction by placing withdrawal requests in advance

Malicious protection buyer can manipulate pool leverage ratio to block genuine protection buyers

Protection buyers can front-run lending pool state updates to buy protection on pools that have just transitioned from `Active` to `LateWithinGracePeriod` state

Interest component of underlying amount is not withdrawable using the `withdrawLend` function. Such amount is permanently locked in the BlueBerryBank contract

Staking rewards can be drained

Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of `supplierDelta`

`Mint` function does not update `LiquidityPosition` state of caller before minting LP tokens. This

ERC4626RouterBase.withdraw can only be called once

For a public vault, minimum deposit requirement that is enforced by `ERC4626Cloned.deposit` function can be bypassed by `ERC4626Cloned.mint` function or vice versa when share price does not equal one

Significant divergence in unrealizedPnL calculation of Perp protocol vs Depository can lead to undercollateralization

Hijacking of node operators minipool causes loss of staked funds

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

`requireNextActiveMultisig` will always return the first enabled multisig which increases the probability of stuck minipools

NodeOp funds may be trapped by a invalid state transition

Not enough margin pulled or burned from user when adding to a position

`_handleOpenFees` returns an incorrect value for `_feePaid`. This directly impacts margin calculations

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit