`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

Users can claim more that their actual allotment

`Bracket::performUpkeep` will revert due to residual allowance and the usage of `safeApprove`

Attacker will prevent lenders from canceling lend orders and block non-perpetual lend orders matching.

DebitaIncentives::updateFunds will exit prematurely and not update whitelisted pairs causing loss of funds to lenders and borrowers

Incentives `clawback` and `drawRaffle` functions are inaccessible to all parties, including Boost creators and Boost owners.

`FjordAuction` incorrect `block.timestamp` check allows users to bid after calling `auctionEnd` to claim more tokens than they should

TokenManager - Unlimited withdraw

`MidasAccessControl` allows blacklisted users to bypass `mTBILL` ban by renouncing the `BLACKLISTED_ROLE`

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

`JalaPair` functions calling `_update` will revert when `price0CumulativeLast` or `price1CumulativeLast` overflows

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Rewards can be drained because of lack of access control

Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be