The Deleverage Will apply twice on market USDtoken minting

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

Users could potentially use their own referral code

Transferring deposit NFT doesn't check if the receiver exceeds the 100 deposit limit

Receipt NFTs will be permanently locked inside `buyOrder` when a user fills a buy order

Old owner of receipt NFTs will still be a manager in the corresponding vault contract allowing them to perform perform unwanted actions with veNFTs

Subtraction in `variance()` will revert due to underflow

Platform fees withdrawal will sweep oracle agents earned fees

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

`V2AMO` is not compatible with Aerodrome and Velodrome routers due to different pool address creation logic

Unable to call some functions in the incentive contracts with onlyOwner modifier because of incorrect initialization leading to stuck funds

Attacker can steal a user's repaid protected listing if the buyer opts to withdraw their asset at another time

[H-01] Auction tokens will be lost forever when auction ends without bids

TokenManager - Unlimited withdraw