Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

DOS in the bid function

Missing option to remove tokens from the `isTokenSupport` mapping can result in huge financial loss for users and the protocol

Outdated penalty fee gets charged if the penalty fee has changed since listing

Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming ones

Refunds sent to incorrect addresses in certain cases

Pause and unpause functions are inaccessible

Chainlink's `latestRoundData` might return stale or incorrect results

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral