Replay attack (EIP712 signed transaction)

Attacker can steal any funds in the contract by state confusion (no preconditions)

`increaseUnlockTime` missing `_checkpoint` for delegated values

Possible to bypass saleConfig.limitPerAccount

[PNM-001] `PARENT_CANNOT_CONTROL` can be bypassed by maliciously unwrapping parent node

[PNM-002] The expiry of the parent node can be smaller than the one of a child node, violating the guarantee policy

Users can create extra ENS records at no cost

[PNM-003] The preimage DB (i.e., `NameWrapper.names`) can be maliciously manipulated/corrupted

Proposal which started buyout which fails is able to settle migration as if its buyout succeeded.

Steal NFTs from a Vault, and ETH + Fractional tokens from users.

[PNM-001] The time constraint of selling fractions can be bypassed by directly transferring fraction tokens to the buyout contract

```migrateFractions``` may be called more than once by the same user which may lead to loss of tokens for other users

An attacker can DoS vault's buyout with as little as 1 wei per 4 days

Delegate call in `Vault#_execute` can alter Vault's ownership

Create a short call order with non empty floor makes the option impossible to exercise and withdraw

[PNM-004] Calculation of `_secondaryReserveRatio` can be overflowed

`_storeRebase()` is called with the wrong parameters

`canExecTakeOrder` mismatches `makerOrder` and `takerItems` when duplicated items present

Maker buy order with no specified NFT tokenIds may get fulfilled in `matchOneToManyOrders` without receiving any NFT

Some real-world NFT tokens may support both ERC721 and ERC1155 standards, which may break `InfinityExchange::_transferNFTs`

`_transferNFTs()` succeeds even if no transfer is performed

Bug in `MatchOneToManyOrders` may cause tokens theft