Incorrect withdraw queue balance in TVL calculation

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

Lack of slippage and deadline during withdraw and deposit

Fixed hearbeat used for price validation is too stale for some tokens

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Inability to perform partial liquidations allows huge positions to accrue bad debt in the system

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

`PendlePowerFarmToken:: totalLpAssetsToDistribute` may lead to temporary DOS due to price growth check being skipped during deposit

`PendlePowerManager` is incompatible with `PendleRouterV3`

Due to missing checks on minimum gas passed through LayerZero, executions can fail on the destination chain

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.

Potential loss of capital due to fixed fee calculations

Missing access control on UTB:receiveFromBridge allows UTB swaps to be executed without spending bridge fees while bypassing fee/swap instruction signature verification

Rewards can be drained because of lack of access control

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

Fees are hardcoded to 3000 in ExactInputSingleParams

Attacker can force reduce `minAmountOut` from vault swaps, making they vulnerable to being sandwiched.

Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders