Lack of access control in FlashloanRepay, FlashloanLiquidate, GeneralRepay, and DepositStableCoinToDealer can lead to user loss of funds

Missing recursive calls handling in `OffchainDNSResolver` CCIP-aware contract

DOS of market operations with malicious offers

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

Pool is vulnerable to inflation attack

Pool approve/transferFrom is vulnerable to race condition

Protection seller will lose unlocked capital if it fails to claim during more than one period

Gas Limit Denial of Service via unbounded operations on active protections enumerable set

Memorializing an NFT position on the same bucket of a previously memorialized NFT locks redemption

Minting an NFT with a position on the same bucket as a previously minted NFT changes its deposit time

`FeeRefund.tokenGasPriceFactor` is not included in signed transaction data allowing the submitter to steal funds

[Medium-3] Non-compliance with EIP-4337

Possible division by zero depending on `TradingModule.getOraclePrice` return values