Attacker will inject malicious pool addresses to corrupt protocol calculations

adjustMaker ignores recipient parameter when removing liquidity, violating interface contract

Unauthorized Access to setCurves Function

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Missing check in `Cooler.provideNewTermsForRoll` which allows lender to modify loan terms

Missing `deadline` param in `swapExactAmountOut()` allowing outdated slippage and allow pending transaction to be executed unexpectedly.

Return value of low level `call` not checked.

Rounding error in `WUSDA` can result in loss of user funds, especially when manipulated by an attacker

Reentrancy issue with the 'withdraw' method of USDC. All tokens could be drained.

Missing access control on `mintRebalancer()` and `burnRebalancer()`

Incorrect decimals used in the `getPriceUSD` function which uses Chainlink oracle to fetch real time price.

Chainlink's `latestRoundData` could return stale or incorrect result (and no implemention of try-catch block)

Usage of `transfer()` in place of `safeTransfer()` for ERC20 tokens.