Attacker can misuse token approvals by creating orders in OracleLess.sol

Attacker can abuse order creation to steal escrowed funds

OracleLess contract escrowed funds can be completely drained

All swap calls to any target address can be easily DOS'ed

Liquidation doesn't account for penalty when calculating collateral to give, allowing users to profit by borrowing and self-liquidating

Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`

Incorrect reward distribution when t == roundedTimestamp in RewardsDistributor

disabling max lock does not correctly reset maxLockIdToIndex leading to some tokenIDs permanently stuck

First liquidity provider of a stable pair can DOS the pool

Voting is not possible when any Bribe rewarder is set for a period

Voters will lose all bribe rewards forever if they do not claim their rewards after the last bribing period

Gross undercalculation of rewards in BribeRewarder leads to permanent loss of rewards for all users

Funds unutilized for rewards may get stranded in BribeRewarder

Double voting is possible in Voter contract

Anyone can add to someone's else staking position in MLUMStaking and potentially extend their lock duration

Lock duration calculation in addToPosition() is wrong when stakedToken in MLUMStaking is a fee-on-transfer token

Harvested rewards sent to the wrong address in case of renewLock and extendLock flows

Approved address is allowed to call harvestPositionsTo but the call fails due to conflicting checks

Users can open positions with zero lock duration and still earn rewards

Voting and bribe rewards can be hijacked during emergency unlock by already existing positions

Most users won't be able to claim their share of Uniswap fees

Transfer of ILOPool NFT token to different account allows for users to bypass the pool's `maxCapPerUser` invariant

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss

The creation of bad debt (`mark-down` of Credit) can force other loans in auction to also create bad debt

SurplusGuildMinter.getReward() is susceptible to DoS due to unbounded loop

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

Borrower can steal collateral without repaying the loan

Lender can roll the loan on his own wish

The kick function uses outdated LUP to update Interest State

Wrong Inflator used in calculating HTP to determine accrualIndex in accrueInterest

KickerActions uses wrong check to prevent Kickers from using deposits below LUP for KIckWithDeposit

Token Amounts is incorrectly added to Remaining collateral's USD Value in DecreasePositionUtils.sol

An Oracle Signer can never be removed even if he becomes malicious

modifyPositions functionality may unnecessarily fail

First depositors in a pool may lose their funds because of wrong shares calculation

Chainlink API may return stale prices

Buypunk function of Cryptopunks in ERC721Pool is used incorrectly