Lack of safety buffer in `_checkLoanIsHealthy` could subject users who take out the max loan into a forced liquidation

Missing initiator check could lead to griefing attacks

DOS of market operations with malicious offers

Some offers can't be cancelled

First depositor can steal funds from users by forcibly depositing to the lending pool

Users can steal additional rewards after withdrawing with the `claimed_` flag set as `true`

User rewards will be lost when a reward token is removed from the protocol

First vault depositor can steal other's assets

Accrued perfomance fee calculation takes wrong assumptions for share decimals, leading to loss of shares or hyperinflation

Auction timers following liquidity can fall through the floor price causing pool insolvency

Flash loans dont check deposit before and after which may result in the drainage of a pool

Tokens Will Never Be Swapped When Calling `rebalance()` in `PerpDepository`

Liquidity providers may lose funds when adding liquidity

Price will not always be 18 decimals, as expected and outlined in the comments

Rounding error in buyQuote might result in free tokens

NFTs mintable after Auction deadline expires

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

`usdcAmount` Will be Incorrect in `withdrawAuction()` When Attempting to Transfer Proportionate Amount

Forcibly sending tokens to the vault can block future investors from receiving myLink causing a Denial of Service condition and loss of funds.

ERC20 Tokens with Different Decimals to 1e18 lead to Inaccurate Price Feed

The `unwrapETH2LD` use `transferFrom` instead of `safeTransferFrom` to transfer ERC721 token