BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

`RiskEngine::_getRequiredCollateralAtTickSinglePosition()` Fails to Accumulate Credits Across Multiple Legs, Leading to Potential Erroneous Liquidations

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Attacker can frontrun deployVault to deploy at the same address

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of `supplierDelta`

DOS any Staking contract with Arithmetic Overflow

Vault creator can't change feeRecipient after deployment

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution