If a winner is blacklisted on any of the tokens they can't receive their funds

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

Tokens with less than 18 decimals allow for draining of funds

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Token spending by Uniswap router doesn't get approved

Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks

Theft of collateral tokens with fewer than 18 decimals

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

Attacker could exploit user DCA order for personal gain

Leverage limit orders to extract value via margin trading

Withdrawals could be halted temporarily

Wrong oracle data passed blocks the system

Lack of slippage control can affect the overcollateralization

`getPriceUSD()` in `StableOracleDAI.sol` returns incorrect price

`rebalance()` fails during `SellUSSDBuyCollateral()` execution

Attacker can force protocol to dump USSD price on UniV3 Pool

Chainlink price feed requests lack proper checks