Delegated amounts can be forcefully removed from anyone in the TwabController

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

EUSD.mint function wrong assumption of cases when calculated sharesAmount = 0

Incorrect function call in LybraRETHVault's getAssetPrice

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called

`stakerewardV2pool.withdraw()` should check the user's boost lock status.

It is not possible to execute actions that require ETH (or other protocol token)

Protocol will not benefit from slashing mechanism when remaining penalty bigger than minThreshold

RestakeToken function is not permissionless

Borrow rate calculation can cause VToken.accrueInterest() to revert, DoSing all major functionality

Exchange Rate can be manipulated

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

In de-peg scenario, forcing full exit from every derivative & immediately re-entering can cause big losses for depositors