TokenManager - Unlimited withdraw

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

`addLiquidity()` function is called with lack of working deadline and slippage protection

Claimable gauge distributions are lost when `killGaugeTotally` is called

curator can lead to DOS `purchase()` function

the `woPrice_` bound check will ignored if Chainlink returns zero price

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Unauthorized Access to setCurves Function

Tokens with less than 18 decimals allow for draining of funds

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Fee on transfer tokens will cause users to lose funds

Fixed fee level is used when swap tokens on Uniswap

Multiple accesses of a mapping/array should use a local variable cache.

Uncheck Arithmetic where overflow/underflow impossible

caching variable of struct in one slot

Floating pragma in all contracts

Don't initialize `uint/int` variables with default value

Mixed usage of `int`/`uint` with `int256`/`uint256`

Cache array length outside of loop

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

[H-01] Lack of emergency withdraw function when no arbiter is set

High - Funds can be lost if any participant is blacklisted

`tokenContract`is always an unsafe input, for fairness, it is recommended to add a whitelist for token

Check price != 0 before interacting with IERC20

getVestedFraction missed to check If Arbitrum sequencer is down

getGasPrice() doesn't check Arbitrum l2 chainlink feed is active

The deposit - withdraw - trade transaction lack of expiration timestamp check (DeadLine check)

Using unsafe ERC20 methods can revert the transaction for some tokens.

getPrice() function doesn't check If Arbitrum sequencer is down in Chainlink feeds.

There is no slippage control for trading functions at all

_validateAndGetPrice() doesn't check If Arbitrum sequencer is down in Chainlink feeds

Oracle data feed has no check for round fullness

wrong calculation in logic of the Lend function

in cooler.sol.rescind there is risk of funds to be lost

if transfer fails in repaying loan will be deleted

`_handleDeposit` and `_handleWithdraw` do not account for tokens with decimals higher than 18

contract should check the responses from chainlink aggregator

Use of `payable.transfer()` may lock user funds