An attacker can notify 1 wei of reward token for increasing the `periodFinish` time again and again.

Wrongly checking the limits with currency amount instead of request amount.

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Fee Recipient Shares Cannot Be Decreased When Total Fee recipients’s share is at Max Limit

Users can claim more that their actual allotment

Unsafe usage of approve method for some ERC20s

Missing `whenNotPaused` modifier

`SuperPool.sol` is not ERC-4626 compliant.

Users are unable to borrow up to their LTV set into the system.

Incorrectly assigned `decimal1` parameter upon decoding

`WellUpgradeable` can be upgraded by anyone

Single plot can be occupied by multiple renters

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

User can get their Kerosene stuck because of an invalid check on withdraw

Value of kerosene can be manipulated to force liquidate users