Malicious users can steal all funds from GatewayTransferNative contracts using withdrawToNativeChain.

An Attacker can grief user of thier refund in GatewayCrossChain.sol and GatewayTransferNative.sol

If users withdraw while a position is in loss, the whole PNL of the position to their withdrawal amount instead of just their share of it.

`InfernalRiftBelow::claimRoyalties()` does not support the claiming of royalties for `ERC1155` tokens.

Insufficient checks to confirm the correct status of the sequencerUptimeFeed

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Invalid validation allows users to unlock early

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

When Burning a Tokenized Position `validate` should be done before flipping the `isLong` bits in `_validateAndForwardToAMM()`

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

Sandwich attack to steal all ERC-20 tokens in the Fees contract

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Using forged/fake lending pools to steal any loan opening for auction

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

Wrong Amount of Loan Interest is Calculated

Loss Of Precision Due To Division Before Multiplication

Liquidations will be `frozen`, when the oracle go `offline` or a token's price dropping to `zero`

No check if Arbitrum/Optimism L2 sequencer is `down` in Chainlink feeds

Loss of Precision in ` usedQuota` .