`validateSignature(...)` in `EllipticCurve` mixes up Jacobian and projective coordinates

User can borrow DOLA indefinitely without settling DBR deficit by keeping their debt close to the allowed maximum

Two day low oracle used in `Market.liquidate()` makes the system highly at risk in an oracle attack

Any user can receive arbitrarily large amount of Illuminate tokens for a small deposit by exploiting reentrancy in Lender

Users' redemptions of Illuminate can be hijacked by front-running and minting more Illuminate

Reentrancy and using user-supplied address in Sense variant of redeem() allows for manipulating holdings and increasing redemption payouts

Redemption pause is not enforced in authRedeem() and autoRedeem()

ERC5095's redeem() and withdraw() pre-maturity don't consume caller's tokens

MarketPlace.setPrincipal(...) doesn't work for Notional