Incorrect sequence of AaveDIVAWrapper constructor parameters

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

Borrower will always pay maximum fee when extending loan due to incorrect fee calculation in `DebitaV3Loan`

Division before multiplication in `DebitaIncentives::claimIncentives` can cause some users to receive zero rewards

Executing `executeMetaTransaction` with a user's signature but a random msg.value can cause an unexpected state changes

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

Vultisig whitelisting can be bypassed by anyone

Incorrect withdraw queue balance in TVL calculation

Lack of slippage and deadline during withdraw and deposit

Fixed hearbeat used for price validation is too stale for some tokens

Inability to perform partial liquidations allows huge positions to accrue bad debt in the system

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Missing enough exogeneous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)

No incentive to liquidate small positions could result in protocol going underwater

Absence sequencer status check in `_getOraclePairPrice`

Issue with Borrower's Incentive in using this protocol

Misuse of Old Borrowing key instead of New Key in takeOverDebt Function

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

If a winner is blacklisted on any of the tokens they can't receive their funds

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

Centralization Risk for trusted organizers

DAI Tokens at Risk Due to Lack of address(0) Check in distribute

Zero address leads to transaction reverts

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

Missing Events Emitting

User can steal reward tokens if the Staking contract uses tokens with different decimals

[L-07] interface Staking.FeeDistribution is not used

Sender in `transferFrom` in `Lender.setPool` different from msg.sender

New lender is charged with paying protocolInterest

Theft of collateral tokens with fewer than 18 decimals

Liquidation Is Prevented Due To Strict Implementation of Liqudation Bonus

Improving the burnDsc() to allow users to mitigate their liquidation's impact

Zero address check for tokens

[H-01] Lack of emergency withdraw function when no arbiter is set