Users will lose spent tokens for the orders if multiple orders are initiated in the same block

Whitelisted users can never be liquidated in the long term even if protocol intends it in short term

Signature missing nonce & expiration deadline

Precision loss/Rounding to Zero in `_distribute()`

Tokens with less than 18 decimals allow for draining of funds

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Token spending by Uniswap router doesn't get approved

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

Possible incorrect borrowing timestamps

Rounding error risk in borrow() function in Lender.sol

No use of Ownable in Staking contract.

[H-01] Lack of emergency withdraw function when no arbiter is set