Users can claim more that their actual allotment

Malicious users can empty tokens from the contract by sending two or more orders in the same block

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

Royalty recipients will not get fair share of royalties

`changeFeeQuote` will fail for low decimal ERC20 tokens

Flash loan fee is incorrect in Private Pool contract

The return value of buyAllAmount is incorrect

Treasury doesn't get depositFee when user deposits into epochs using the zero epoch method

ownerToRollOverQueueIndex is not set correctly which affects the delistRollover function and notRollingOver modifier

changeTreasury in VaultFactoryV2 contract doesn't change the treasury address correctly

Unbounded size of rolloverQueue will eventually cause the mintRollovers function to revert

Protocol fees can be withdrawn multiple times in `Erc20Quest`

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Buyer on secondary NFT market can lose fund if they buy a NFT that is already used to claim the reward

Funds can be stuck due to wrong order of operations

Users may not claim Erc1155 rewards when the Quest has ended

It is impossible to repay the full debt amount, causing loss of funds to both borrower and lender

First depositor can break minting of shares

it's possible to swap NFT token ids without fee and also attacker can wrap unwrap all the NFT token balance of the Pair contract and steal their air drops for those token ids

Malicious Bull can make the Bear pay a very high gas fee by manipulating the NFT receive function

Usage of deprecated transfer() can result in revert

`getCommunityVotingPower` doesn't calculate voting Power correctly due to precision loss

Calling `repay` function sends less DOLA to `Market` contract when `forceReplenish` function is not called while it could be called

_validateDeploymentConfig function in NFTCollection.sol doesn't check all conditions

In `ERC721NFTProduct.sol` and `ERC1155NFTProduct.sol` the runtime Config parameters are not checked for validity

Curve values are not checked to be in increasing order. Leading to revert of several core functions.

Loss of vested amounts

`Token:mint`: infinite loop if the founders' shares sum up to 100

Migration::withdrawContribution falsely assumes that user should get exactly his original contribution back

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract