CToken inflation attack

Perennial account users with rebalance group may suffer a donation attack

Emptyset reserve strategies may revert when aave/compound supply limit is reached or pool owner pause/froze the pool

`DECIMALS_OFFSET` is not set correctly

Attacker can frontrun `WinnablesTicketManager.createRaffle` to cancel any raffle

Attacker can force `WinnablesTicketManager` to send CCIP message to wrong destination

raffle is both drawable and cancelable when currentTicketSold = minTicketsThreshold

Raffle cannot be drawn when Ticket supply is large

Admin can affect the odds of a raffle

Superpool is vulnerable to donation attack

liquidators are not incentivized and liquidation may revert for high LTV pools