Unassigned earnings in matured pools will not be included in `totalAssets()` calculation

Users can lend and borrow above allowed limitations

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

`LiquidInfrastructureERC20.sol` disapproved holders keep part of the supply, diluting approved holders revenue.

Withdrawal from NFTs can be temporarily blocked

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

Selling will be bricked if all other tokens are withdrawn to ERC20 token

A subject creator within a single block can claim holder fees without holding due to unprotected reentrancy path

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Theft of holder fees when `holderFeePercent` was positive and is set to zero

Malicious delegatees can block delegators from redelegating and from sending their NFTs

All tokens can be stolen from MarginTrading due to unsafe executeOperation

GeneralRepay makes generic call allowing approved tokens to be stolen