Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Missing deadline check allow pending transactions to be maliciously executed

Protocol mints less rsETH on deposit than intended

No check if bridge already exists

Loss of precision in `twapPriceInEther` due to division before multiplication

`onERC721Received()` callback is never called when new tokens are minted in Erc721Facet.sol

Sandwich attack to steal all ERC-20 tokens in the Fees contract

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Attacker can steal a loan's collateral and break the protocol

Fee on transfer tokens will cause users to lose funds

update() not getting called right after a WETH amount has been sent will cause users to lose staking rewards

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

If a borrower or lender got blacklisted by asset contract, their collateral or loan funds can be permanently frozen with the pool

No expiration deadline leads to losing a lot of funds

Cannot use `_burn` Function in Beedle.sol Contract

getPrice() doesn't check If Arbitrum sequencer is down in Chainlink feeds

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

No slippage protection on `stake()` in SafEth.sol

Lack of deadline for uniswap AMM