Storage Root Assignment Missing in Tree Finalization

Missing `lower<upper` check in `mint_position`

If liquidity is insufficient, users may need to pay more tokens in swap2

_onTransferReceived() does not work as intended

Lack of Slippage Protection in Dynamic Pricing Mint Function

The `MIPS` doesn't implement `ADD`, `ADDI`, and `SUB` instructions correctly

Incorrect withdraw queue balance in TVL calculation

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

Pending withdrawals prevent safe removal of collateral assets

iq 200 user will exploit the interest amount distribution and avoid loss from liquidation

Inability to perform partial liquidations allows huge positions to accrue bad debt in the system

No incentive to liquidate small positions could result in protocol going underwater

No incentive to liquidate when CR <= 1 as asset received < dyad burned

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

The use of spot price by CoreSaltyFeed can lead to price manipulation and undesired liquidations

First Liquidity provider can claim all initial pool rewards

Chainlink price feed uses BTC, not WBTC. In case of depegging, oracles will become easier to manipulate.

Attack to make ````CurveSubject```` to be a ````HoneyPot````

Auction manipulation by block stuffing and reverting on ERC-777 hooks

If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent

Understatement of `poolTotalPeUSDCirculation` amounts due to incorrect accounting after function `_repay` is called