no bidder has incentive to bid the Auction except doing last-minute MEV due to fixed endBlock

Unstaking `vMAIA` tokens on the first Tuesday of the month can be offset

Exchange Rate can be manipulated

A staker with verified over-commitment can potentially bypass slashing completely

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

Incorrect protocol fee is taken when changing NFTs

Flash loan fee is incorrect in Private Pool contract

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Underflow of `lpPosition.points` during withdrawLP causes huge reward minting

First vault depositor can steal other's assets

Fee on transfer token not supported

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Users may not claim Erc1155 rewards when the Quest has ended

ERC4626Cloned deposit and mint logic differ on first deposit

node operator is getting slashed for full duration even though rewards are distributed based on a 14 day cycle

`buy()` in `LPDA.sol` Can be Manipulated by Buyers

Data corruption in NFTFloorOracle; Denial of Service

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

Calling `updateNodeRunnerWhitelistStatus` function always reverts

Hacked owner or malicious owner can immediately steal all assets on the platform

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Very critical `Owner` privileges can cause complete destruction of the project in a possible privateKey exploit