CHALLENGER_REWARD can be used to drain reserves and free mint

Challengers and bidders can collude together to restrict the minting of position owner

POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES

Frontrun monitoring program to be able to purchase protection for locked pools

After the pool returns from the locked state, ```_getExchangeRate()``` may be broken and stop ```deposit()``` from functioning

Staking rewards can be drained

DOS any Staking contract with Arithmetic Overflow

Accrued perfomance fee calculation takes wrong assumptions for share decimals, leading to loss of shares or hyperinflation

Malicious Users Can Drain The Assets Of Vault. (Due to not being ERC4626 Complaint)

User can deposit unallowed Collateral to his account by using ```AccountManager.exec()```

Cash-out from a successful buyout allows an attacker to drain Ether from the `Buyout` contract

Able to mint any amount of PT

Lend method signature for illuminate does not track the accumulated fee

```withdraw``` eToken before ```withdrawFee``` of eToken could render ```withdrawFee``` of eToken unfunctioning

Centralisation Risk: Admin Can Change Important Variables To Steal Funds

Incorrectly set ```_maxTime``` to be in line with the locking ```maxTime``` of each veToken could render the ```deposit``` of this contract to be unfunctional or even freeze assets inside the contract

Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract

Strategists can take more rewards than they should using the function strategistBootyClaim().

Missing checks allow strategists to steal all fund via `tailOff`

Increase voting power by tokenizing the address that locks the token

Use safeTransferFrom instead of transferFrom for ERC721 transfers

Owner can modify the feeRate on existing vaults and steal the strike value on exercise