`dexBalances` depend on `slot0` price, which can lead to price manipulation and `totalAssets` inflation

`_stakeNxm` allows `owner()` to register malicious pools, inflating `stakedNxm` and `totalAssets`

`maxMint()` ignores internal `MAX_SHARES` limit, violating ERC-4626 MUST statements

[H-01] Auction tokens will be lost forever when auction ends without bids

`mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` Contract Will Fail Due to a Wrong Modifier Used in `EntropyGenerator.initializeAlphaIndices()`

Pause and unpause functions are inaccessible

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

The total deposit amount limit in `AccountingManager.sol` can be bypassed

AccountingManager has no correct implementations of the core ERC-4626 functions `deposit`, `mint`, `withdraw` and `redeem`

`Keepers` does not implement EIP712 correctly on multiple occasions

First depositor can make subsequent depositor lose all of her or his deposit

Dust donation might DOS all connectors to create new holding positions, by preventing removing existing holding positions

`VaultManagerV2.sol::burnDyad` function is missing an `isDNftOwner` modifier, allowing a user to burn another user's minted DYAD