Possible incentive theft through the arbitraryCall() function

Wrong calculation of excess depositToken allows stream creator to retrieve `depositTokenFlashloanFeeAmount`, which may cause fund loss to users

arbitraryCall() can get blocked by an attacker

_notSameBlock() can be circumvented in bondToAccount()

Permissions - return values not checked when sending ETH

AbstractRewardMine - Re-entrancy attack during withdrawal