`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

Attacker can frontrun deployVault to deploy at the same address

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of `supplierDelta`

DOS any Staking contract with Arithmetic Overflow

Vault creator can't change feeRecipient after deployment

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Users may not claim Erc1155 rewards when the Quest has ended