Approved address can approve other addresses for an owner's safe

```MarginCallPrimaryFacet.flagShort()``` can be frontrun

Malicious lenders can prevent borrowers from repaying through callback functions

The lender can call the `rollLoan()` to increase the amount of repayments required, resulting in the inability of the borrower to repay the debt

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

Signature missing nonce & expiration deadline

Centralization Risk for trusted organizers

Return value of low level `call` not checked.

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

Using forged/fake lending pools to steal any loan opening for auction

Zero address leads to transaction reverts

`setPool()` should check if `p.minLoanSize` < p.poolBalance

Anyone can burn **DecentralizedStableCoin** tokens with `burnFrom` function

[H-01] Lack of emergency withdraw function when no arbiter is set

`tokenContract`is always an unsafe input, for fairness, it is recommended to add a whitelist for token

If `ProtocolRewardsPool` is insufficient in EUSD, users will not be able to calim any rewards

`latestRoundData()` problem

`D3VaultFunding.userWithdraw()` doen not have mindTokenAmount

`poolBorrow()` multiplicate after division may lead to inaccurate data

`D3Callee()` should use `safeTransfer` instead of `transfer`

`D3Oracle.getPrice()` use `latestRoundData()` return stale or incorrect result

StableOracleDAI contract ethOracle setting zero, it will cause the contract useless

UniV3SwapInput() function setting amountOutMinimum is zero, it will cause the user to lose funds by large slippage

mintRebalancer() and burnRebalancer() do not use auth modifier. It will cause attacker manipulates the total price

removeCollateral() function does not check if the index parameter > collateral.length