no validation to ensure the arbitrum sequencer is down

Poor validation of chainlink price timestamp

The protocol does not compatible with token such as USDT because of the Approval Face Protection

Limit orders are broken when there are price gaps

User can reject Vault account settlement easily

Token approval is never issued for CERC20 When executing rebalancing in TreasuryAction.sol

Lack of check for liquidator address when deleveraging result in either griefing or loss of fund

Cannot permissionless settle the vault account if the user use a blacklisted account

cToken mint/redeem return value is never handled

Malicious user can finalize other’s withdrawal with precise amount of gas, leading to loss of funds even after the fix

User can avoid paying deposit fee

Unbounded loop causes dos and relayers cannot be compensated

Lack of validation for chainlink price feed timestamp allows outdated price to be used.

Epoch is wrongly settled if sequencer is down

Incorrect usage of block number

Oracle assumes stable coin never depegs

Issue when using tx.gasprice to estimate the execution fee

There is no check to see if Arbitrum L2 sequencer is down

Poor validation of chainlink oracle timestamp