Missing access control on UTB:receiveFromBridge allows UTB swaps to be executed without spending bridge fees while bypassing fee/swap instruction signature verification

Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction

Malicious delegatees can block delegators from redelegating and from sending their NFTs

`ERC20TokenEmitter::buyToken` function mints more tokens to users than it should do

Anyone can pause AuctionHouse in _createAuction

MaxHeap.sol: Already extracted tokenId may be extracted again.

Since buyToken function has no slippage checking, users can get less tokens than expected when they buy tokens directly

Bidder can use donations to get VerbsToken from auction that already ended.

It may be possible to DoS AuctionHouse by specifying malicious creators

Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be

The Main Invariant "Fees paid to a given user should not exceed the amount of fees earned by the liquidity owned by that user." can be broken due to slight difference when computing collected fee

The price of rsEHT could be manipulated by the first staker

Possible arbitrage from Chainlink price discrepancy

Update in strategy will cause wrong issuance of shares

`codehash` check in factory contracts does not account for non-empty addresses

Borrower can drain all funds of a sanctioned lender

Array Length of `tickTracking_ ` Can be Purposely Increased to Brick Minting and Burning of Most Users' Liquidity Positions

All tokens can be stolen from `VirtualAccount` due to missing access modifier

TWO DIFFERENT TRANSACTIONS CAN RESULT IN THE SAME `txnHash` VALUE THUS BREAKING THE APPROVAL PROCESS OF TRANSACTION MINTING

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

`ReLPContract` wrongfully assumes protocol owns all of the liquidity in the UniswapV2 pool

Improper precision of strike price calculation can result in broken protocol

_curveSwap: getDpxEthPrice and getEthPrice is in wrong order

reLP() mintokenAAmount the calculations are wrong.

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

Users may be forced into long lock times to be able to undelegate back to themselves.

Delegated votes are locked when owner lock is expired

Incorrect calculations in deposit() function in TokenisableRange.sol can make the users suffer from immediate loss

Wrong calculation of repayment amount in Position contract

Reward accounting is incorrect in BathBuddy contract

Some offers can't be cancelled

An attacker can steal all tokens of users that use `FeeWrapper`

The ````_matcho()```` is not implemented properly

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations