Buyer has no real control over how much they really pay for an order

Authorized matcher can change the treasury

Market has no way to resolve to "invalid" or "unknown" state

Asymmetric fee structure allows market participants to get the same outcome for less fee

Collateral can already be seized even when negRiskMarket is not fully resolved

Lender can deny a repayment by getting themselves on the USDC blacklist

Wrong call order for `setTopPoolIdsWithWeights`, resulting in wrong distribution of rewards

Bribe rewards are lost if a pool receives no votes during an epoch

Unlocked positions can still vote

Bribes can be denied by filling up a farm with fake bribes until `MAX_BRIBES_PER_POOL` limit

Incorrect access control for `_requireOnlyOperatorOrOwnerOf()`. Anyone can call `MlumStaking.addToPosition()` for other users, with various impacts.

Users can artificially create a voting ballot with 2 weeks `lockDuration`, effectively bypassing the 3-month limit

Down Rebasing Tokens will cause bankrun in MlumStaking and MasterChefV2

New staking positions still gets the full reward amount as with old stakings, diluting rewards for old stakers

Max exposure cap can be bypassed on assets using WrappedAerodromeAM.sol

LP can instantly arbitrage and drain any Maker by updating the Pyth price

OracleMaker's price with spread does not take into account the new position

USDT/USDC depeg event will pit both makers at a highly risky position due to arbitrage

No slippage check for deposit/withdraw in either Makers

Can mint NFT with the desired attributes by reverting transaction

`CREATE2` address collision against an Account will allow complete draining of lending pools

L2 sequencer down will push an auction's price down, causing unfair liquidation prices, and potentially guaranteeing bad debt

New staking between reward epochs will dilute rewards for existing stakers. Anyone can then front-run `OperationalStaking.rewardValidators()` to steal rewards

Frontrunning validator freeze to withdraw tokens

No cooldown in `recoverUnstaking()`, opens up several possible attacks by abusing this functionality.

`validatorMaxStake` can be bypassed by using `setValidatorAddress()`

No option to change validator address without also transferring unstakings, leads to lost rewards when a validator has taken more than 300 unstakings (even if through normal usage)

Anyone can update the address of the Router in the DcntEth contract to any address they would like to set.