Vultisig whitelisting can be bypassed by anyone

User can get free entries to rounds

A ready to be withdrawn round can be forcefully extended by a single user

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

onBalanceChange causes previously unclaimed rewards to be cleared

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Whenever a user wants to `takeOverDebt` will never work

Approved allocator can send as many votes as he wants to an accepted recipient

Registering a recipient for a RFPSimpleStrategy while useRegistryAnchor is true will always revert

Lender can lose funds after lending debt token

Loss of funds during user adjusting

Incorrect function call in LybraRETHVault's getAssetPrice

No checks if an Arbitrum L2 sequencer is down

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts