`V3AMO` is not compatible with Fenix Finance Algebra-Based DEX

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Protocol is not `EIP712` compliant: incorrect typehash for `Validation` and `Transaction` structures

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

`BaseV2Minter` DAO reward shares are calculated wrong

Removing a BribeFlywheel from a Gauge does not remove the reward asset from the rewards depo, making it impossible to add a new Flywheel with the same reward token

Removing a `UniswapV3Gauge` via `UniswapV3GaugeFactory` does not actually remove it from the `UniswapV3Staker`; Gauge still gains rewards, can be staked to (even though deprecated) plus old stakers game the rewards of new stakers

`BribesFactory::createBribeFlywheel` can be completely blocked from creating any Flywheel by a malicious actor

If `HERMES` gauge rewards are not queued for distribution every week, they are slashed

Unstaking `vMAIA` tokens on the first Tuesday of the month can be offset

A malicious strategy can permanently DoS all currently pending withdrawals that contain it

Inadequate price oracle checks

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

An Attack Vector on the Approve/TransferFrom Methods

`_claimExternalRewards` does not update contract state after claiming, allowing for extra external reward token claims via `claimRewards`

`userRewardDebts` is not correctly deducted from `cachedUserRewards` in `_withdrawUpdateRewardState` leading to extra internal rewards by withdrawing

claiming internal rewards via `internalRewardsForToken` fails in some cases even when users are entitled to internal rewards

claiming external rewards via `externalRewardsForToken` fails in some cases even when users are entitled to external rewards

All operators can be removed, leaving the Vault without core functionality

Migration logic is implemented incorrectly

Auction can be force started and first token force minted by calling `settle()` before the auction was launched