`personalMint()` reentrancy attack

Any contract can bypass `isSafe` restrictions

Zero address & `bytes32` zero value checks for additional safety

Attacker can initialize `Most.sol` to set critical parameters

Approve on principal token can revert

Reward token can be unclaimable and stuck in an edge case

Quote functions return incorrect values during funding phase

Anyone can drain `HATArbitrator` via `refundExpiredSubmitClaimRequest()` with non-existing claims

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

Potential 99.5% loss in `emergencyWithdraw()` of two Yieldbox strategies

[HB10] `AaveStrategy.sol`: Changing swapper breaks the contract

CompoundStrategy `_currentBalance` uses `exchangeRateStored` which is leaks value

`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays

Single UniswapV3Swapper using a single fee makes it highly likely to be suboptimal

FullMath and TickMath libraries desire overflow behavior