Dysfunctional access control implementation in the MarketExternalActions.sol

Incorrect assumptions regarding the precision of PendleMarket Quotes from the PendleOracle

Unsafe use of `transferFrom()` with `IERC20

Lack of validation for CrossChainMessages to the `GatewayCrossChain` would lead to loss of user funds

Minting zero tokens when underlyingToken is not Ether in cashIn()

A malicious actor could cancel a raffle in such a way that results in loss of reward tokens on the PrizeManager contract

An admin could withdraw a raffle's winner prize if the reward is an ERC20 Token.

Invalid validation allows users to unlock early

Unauthorized Access to setCurves Function

Protocol and referral fee would be permanently stuck in the Curves contract when selling a token

onBalanceChange causes previously unclaimed rewards to be cleared

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Owner cannot withdraw all interest due to wrong calculation of accrued interest in WithdrwaCarry

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

Soft Restricted Staker Role can withdraw stUSDe for USDe

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

Lack of slippage protection can lead to significant loss of user funds

DOS due to the use of deprecated function