Inability to perform partial liquidations allows huge positions to accrue bad debt in the system

Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

Attacker can frontrun to prevent vaults from being removed from the dNFT owner's position

No incentive to liquidate when CR <= 1 as asset received < dyad burned

All yield generated in the IBT vault can be drained by performing a vault deflation attack using the flash loan functionality of the Principal Token contract

````VerbsToken.tokenURI()```` is vulnerable to JSON injection attacks

Bidder can use donations to get VerbsToken from auction that already ended.

Malicious liquidity provider may burn their LP NFT to make liquidations impossible and cause protocol to incur bad debt

If the LPer becomes blacklisted for particular holdTokens like USDC,USDT, then liquidation of related position will not be possible

In QVStrategy, regular member can exclude some recipient candidates by resetting the `Accepted` status back to `Pending`

Protocol will not work properly with fee-on-transfer tokens

Missing slippage parameter on Uniswap `addLiquidity()` function

Cancelled orders are refunded to recipients instead of payers, some users might lose funds

Protocol fees can be withdrawn multiple times in `Erc20Quest`

When `rewardToken` is erc1155/erc777,an attacker can reenter and cause funds to be stuck in the contract forever

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost