In `JalaMasterRouter::swapExactTokensForETH` the `amountIn` value is not being scaled up when performing the wrapped token swap call to `JalaRouter02::swapExactTokensForETH`

All yield generated in the IBT vault can be drained by performing a vault deflation attack using the flash loan functionality of the Principal Token contract

The pool verification in `NapierRouter` is prone to collision attacks

Malicious Rebalancer can prevent Principal Token and Yield Token holders from redeeming their underlying rewards

`BunniPrice::getBunniTokenPrice` returns the TVL in the given Bunni token instead of the price per share of that token

`AuraBalancerSupply` retrieves the total BPT supply of Balancer pools through the `totalSupply` function, which is not correct for some types of pools

`BunniSupply::getProtocolOwnedLiquidityOhm` does not take uncollected fees into account, leading to OHM balance discrepancy

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

Auction winner can prevent payments via `safeTransferFrom` callback

If a winner is blacklisted on any of the tokens they can't receive their funds

Owner can incorrectly pull funds from contests not yet expired

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Malicious actors can DoS users, that want to buy all / most of the remaining quantity of a component, by frontrunning them with dust amount bids

Missing L2 sequencer outage checks

Lack of stale data checks when retrieving price data from Chainlink