Burner role can not be revoked

Fee on transfer tokens will cause users to lose funds

Single-step process for critical ownership transfer is risky

Pragma non-specification can lead to non-functional / corrupted contract when deployed on Arbitrum

Some ERC20 tokens would revert on zero value fee transfers.

Zero address leads to transaction reverts

Missing Events Emitting

Rounding error risk in borrow() function in Lender.sol

`Staked` struct is created but never used

Multiple accesses of a mapping/array should use a local variable cache.

+= and -= are more expensive

Uncheck Arithmetic where overflow/underflow impossible

Using Private Rather Than Public For Constants,Saves Gas

Use of magic numbers

Named parameter mappings

For the borrow(), repay() & startAuction() functions in Lender.sol the public visibility modifiers should be changed to external, to help optimize gas usage

Use assembly to check for `address(0)`

caching variable of struct in one slot

NatSpec documentation for function is missing

Large multiples of ten should use scientific notation

Constants in comparisons should appear on the left side

Floating pragma in all contracts

Use if + custom errors instead of using require + string

Don't initialize `uint/int` variables with default value

Unbounded loop in Lender.sol functions may revert.

Function ordering does not follow the Solidity style guide

abi.encode(..) is less efficient

All interfaces must be in one folder

Using delete statement can save gas

Long functions should be refactored into multiple, smaller, functions

Interfaces should be indicated with an `I` prefix in the contract name

Use assembly to emit an event

Use do while loops instead of for loops.

[H-01] Lack of emergency withdraw function when no arbiter is set

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

The `nonReentrant` `modifier` should occur before all other modifiers

NatSpec `@param` is missing

NatSpec `@return` argument is missing

Potential risk of using `swappedAmount` in case of swap error

The `tokenURI` method does not check if the NFT has been minted and returns data for the contract that may be a fake NFT.

Low level calls to accounts with no code will succeed in `FeeWrapper`

Fee on transfer token not supported

Fee on transfer tokens will not behave as expected

Tokens with fee on transfer are not supported in `PublicVault.sol`

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

Inflation of ggAVAX share price by first depositor

Users may not be able to redeem their shares due to underflow

wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle, syncReward() logic should be executed in each withdraw or deposits (without reverting)

Trading will not work on ethereum if USDT is used

Chainlink price feed is not sufficiently validated and can return stale price

Front-running admin setPrice call allows a single compromised oracle to set any price, allowing the oracle manipulator to drain all protocol funds

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

Public to all funds escape

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Supply cap of VariableSupplyERC20Token is not properly enforced

Fee-on-Transfer tokens cause problems in multiple places

Different Oracle issues can return outdated prices

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol