Attacker Can Frontruns User's Withdrawals To Make Them Reverts Without Costs

Rewards can be drained because of lack of access control

Lender can block repayment by reverting on `onRepay()` callback

Lender can increase loan interest at any time because of lack of access control

The peg stability module can be compromised by forcing lowerDepeg to revert.

Lender contract can be drained by re-entrancy in `repay`

Lender contract can be drained by re-entrancy in `setPool`

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

During refinance() new Pool balance debt is subtracted twice

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

Using forged/fake lending pools to steal any loan opening for auction

Stealing any loan opening for auction through others' lending pool

Token spending by Uniswap router doesn't get approved

Lender can Sandwich a borrower to seize his collateral

Lender contract can be drained by re-entrancy in `seizeLoan`

Lender contract can be drained by re-entrancy in `refinance` (collateral)

Emitting incorrect event parameters

Uncheck Arithmetic where overflow/underflow impossible

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

Claimer.claimPrizes can be frontrunned in order to make losses for the claim bot

It is not possible to execute actions that require ETH (or other protocol token)