Owner can steal funds via malicious `fastGasFeed` contract

Protocol is unable to support any pools that include wrapped native tokens

`Vault::reduce-position` results in a loss of funds

`Vault` debt interest is never accrued

`MarginDex::execute_limit_order` will always revert

Price updates vulerable to sandwitch attacks

After L1 ECO token inflation but before a rebase, gons are incorrectly calculated when initiating deposits and finalizing withdrawals

Incorrect price feed used in `StableOracleWBTC`

The price from `StableOracleDAI` is returned with the incorrect number of decimals

Underlying collateral can be drained from the protocol

There is no slippage protection when swapping tokens

Lack of validation for Chainlink price feed timestamps allow outdated prices to be used

At certain DAI collateral balances `BuyUSSDSellCollateral` will revert

Removing collateral type makes the protocol insolvent

Claiming accumulated rewards while the contract is underfunded can lead to a loss of rewards

Delegation rewards are not counted toward granting fund

Governance attack on Extraordinary Proposals

When a club is sold, the buyer can be rugged

Footium clubs can be minted to contracts that do not support ERC-721

Certain ERC-20 tokens will become locked within escrow contracts

Changes to `FootiumAcademy._maxGenerationId` affects past seasons

Missing access control for `CollateralManager.setCollateralEscrowBeacon()` allows for collateral to be stolen

A lender can frontrun a payment on a defaulted loan, taking both collateral and repayment

`Factory.create`: Predictability of pool address creates multiple issues.

Royalty recipients will not get fair share of royalties

Reward accounting is incorrect in BathBuddy contract

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

An attacker can manipulate the preDepositvePrice to steal from other users.

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit )

Deposit fee can be bypassed

Updating a queued rollover corrupts rollover accounting

Delisting a rollover can prevent minting of other queued rollovers

`changeTreasury` does not set vault treasuries correctly

A new controller could be unable to resolve epochs

If a pegged token oracle goes down or price falls to zero, depeg events cannot be triggered

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

The buyer of the ticket could be front-runned by the ticket owner who claims the rewards before the ticket's NFT is traded

Pool shares can be sent to the zero address as fees

Token approval can be front-run

Safe threshold set incorrectly by `reconcileSignerCount`

`maxSigners` can be exceeded, causing all safe transactions to revert

Valid signers can be forcibly removed from the safe

Every withdrawal caches rewards, allowing them to be claimed multiple times

ICHI Vault LP tokens cannot be withdrawn