Rounding error in `WUSDA` can result in loss of user funds, especially when manipulated by an attacker

`setMerkleRoot` is wrongly implemented and if used it will break the contract

`_setTotal` will not work

Users can steal all claimed, but not exercised reward token

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted

Volatile prices and lack of checks on `rigidRedemption()` can cause users to purchase stETH at unwanted prices

If `ProtocolRewardsPool` is insufficient in EUSD, users will not be able to calim any rewards

Due to inappropriately short `votingPeriod` and `votingDelay`, it is near impossible for the governance to function correctly.

Incorrect function call in LybraRETHVault's getAssetPrice

It is possible to manipulate WETH/LBR pair to claim reward of the users which shouldn't be claimed

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called